History: Nov 01, 2023 - 2:10 a.m.

CVE-2023-2621

2023-11-01 02:10:56
CWE-22
Hitachi Energy
www.cve.org
mcfeeder server
file write vulnerability
third-party library
zip archive
network
authentication
cve-2023-2621

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 16.2%

The McFeeder server (distributed as part of the SSW package) is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to the McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder's service endpoint.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MACH System Software",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThan": "7.17.0.0",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]
