9 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.6%
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.
CPE | Name | Operator | Version |
---|---|---|---|
abb:txpert_hub_coretec_4_firmware | abb txpert hub coretec 4 firmware | lt | 3.0.1 |
[
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 4",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.0.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.1.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.2.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.3.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.4.*"
},
{
"status": "unaffected",
"version": "TXpert Hub CoreTec 4 version 3.0.1"
}
]
}
]
9 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.6%