21 matches found
EUVD-2021-22166
Malware in sbrugna...
EUVD-2021-22168
Malware in sbrugna...
Hitachi Energy TXpert Hub CoreTec 4 Operating System Command Injection Vulnerability
The Hitachi Energy TXpert Hub CoreTec 4 is a digital transformer monitoring and diagnostic device from Hitachi, Japan. A security vulnerability exists in the Hitachi Energy TXpert Hub CoreTec 4 that allows injection into a system-executed shell command line via specific fields in the web user...
Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Hitachi Energy; Equipment: TXpert Hub CoreTec 4; Vulnerability: Off-by-one Error. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...
Hitachi Energy TXpert Hub CoreTec 4
1. EXECUTIVE SUMMARY: CVSS v3 6.0; Vendor: Hitachi Energy; Equipment: TXpert Hub CoreTec 4; Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Input Validation, Download of Code Without Integrity Check. 2. RISK EVALUATION: Successful exploitation of these...
CVE-2021-35532
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product...
CVE-2021-35530
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
CVE-2021-35530
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
CVE-2021-35532
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product...
CVE-2021-35531
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
Input validation
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
Design/Logic Flaw
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
CVE-2021-35530 User authentication bypass in TXpert Hub CoreTec 4
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
CVE-2021-35530
The CVE-2021-35530 vulnerability affects Hitachi Energy TXpert Hub CoreTec 4, versions 2.0.0 through 2.2.1, in its authentication/authorization flow where session-token validation can be bypassed. This can allow an unauthorized actor to modify a user’s password and gain unauthorized access via th...
CVE-2021-35531
CVE-2021-35531 applies to Hitachi Energy TXpert Hub CoreTec 4. Affected versions: 2.0.0–2.2.1. Root cause: Improper Input Validation in a particular configuration setting field. Attack scenario: an attacker with access to an authorized user with ADMIN or ENGINEER rights can inject an OS command t...
CVE-2021-35531 Remote Code Execution in TXpert Hub CoreTec 4
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
CVE-2021-35532
CVE-2021-35532 is a vulnerability in the file upload validation component of Hitachi Energy TXpert Hub CoreTec 4. Affected versions are 2.0.0, 2.0.1, 2.1.0–2.2.1. The issue allows an attacker who has system access and a privileged account to upload a malicious firmware image, potentially compromi...
CVE-2021-35532 Firmware upload verification bypass in TXpert Hub CoreTec 4
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product...
Hitachi Energy TXpert Hub CoreTec 4 Operating System Command Injection Vulnerability
The Hitachi Energy TXpert Hub CoreTec 4 is a digital transformer monitoring and diagnostic device from Hitachi, Ltd., Japan. The Hitachi Energy TXpert Hub CoreTec 4 suffers from an operating system command injection vulnerability that originates from incorrect input validation in a...
Hitachi Energy TXpert Hub CoreTec 4 Code Issue Vulnerability
Hitachi Energy TXpert Hub CoreTec 4 is a digital transformer monitoring and diagnostic device from Hitachi, Japan. A security vulnerability exists in the Hitachi Energy TXpert Hub CoreTec 4 that stems from a problem in the file upload validation section. An attacker could use this vulnerability t...