Lucene search

TwcertCVELIST:CVE-2023-24838

HistoryMar 27, 2023 - 12:00 a.m.

CVE-2023-24838 HGiga PowerStation - Information Leakage

2023-03-2700:00:00

CWE-200

twcert

www.cve.org

hgiga powerstation

information leakage

vulnerability

remote attacker

administrator credentials

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator’s credential. This credential can then be used to login PowerStation or Secure Shell to achieve remote code execution.

CNA Affected

[
  {
    "vendor": "HGiga",
    "product": "PowerStation",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "x64.6.2.165",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6957-d8f67-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for CVELIST:CVE-2023-24838