NVD:CVE-2023-2621
Nov 01, 2023 - 3:15 a.m.

CVE-2023-2621

2023-11-01 03:15:07
CWE-22
web.nvd.nist.gov
mcfeeder server
arbitrary file write vulnerability
outdated version
third-party library
crafted zip archive
network upload

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 16.2%

The McFeeder server (distributed as part of the SSW package) is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to the McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder's service endpoint.

Affected configurations

Nvd
Node: hitachienergy modular_advanced_control_for_hvdc, Range 5.0–7.17.0.0

Vendor: hitachienergy
Product: modular_advanced_control_for_hvdc
Version: *
CPE: cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*
