Lucene search

Hitachi EnergyCVELIST:CVE-2023-4816

HistorySep 11, 2023 - 7:40 a.m.

CVE-2023-4816

2023-09-1107:40:46

CWE-287

Hitachi Energy

www.cve.org

vulnerability

equipment tag out

authentication

sso

t214

password validation

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Asset Suite 9",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "9.6.3.11.1",
        "status": "affected",
        "version": "9.6.3.11.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.6.4"
      }
    ]
  }
]

References

images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

Related for CVELIST:CVE-2023-4816