EUVD-2021-22168

Malware in sbrugna...

Hitachi Energy TXpert Hub CoreTec 4 操作系统命令注入漏洞

The Hitachi Energy TXpert Hub CoreTec 4 is a digital transformer monitoring and diagnostic device from Hitachi, Japan. A security vulnerability exists in the Hitachi Energy TXpert Hub CoreTec 4 that can be injected into a system-executed shell command line via specific fields in the web user...

Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...

Hitachi Energy TXpert Hub CoreTec 4

1. EXECUTIVE SUMMARY CVSS v3 6.0 Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Input Validation, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...

CVE-2021-35530

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...

CVE-2021-35530

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...

Input validation

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...

Design/Logic Flaw

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...

CVE-2021-35530

The CVE-2021-35530 vulnerability affects Hitachi Energy TXpert Hub CoreTec 4, versions 2.0.0 through 2.2.1, in its authentication/authorization flow where session-token validation can be bypassed. This can allow an unauthorized actor to modify a user’s password and gain unauthorized access via th...

CVE-2021-35530 User authentication bypass in TXpert Hub CoreTec 4

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...

CVE-2021-35531

CVE-2021-35531 applies to Hitachi Energy TXpert Hub CoreTec 4. Affected versions: 2.0.0–2.2.1. Root cause: Improper Input Validation in a particular configuration setting field. Attack scenario: an attacker with access to an authorized user with ADMIN or ENGINEER rights can inject an OS command t...

CVE-2021-35531 Remote Code Execution in TXpert Hub CoreTec 4

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...

CVE-2021-35532

CVE-2021-35532 is a vulnerability in the file upload validation component of Hitachi Energy TXpert Hub CoreTec 4. Affected versions are 2.0.0, 2.0.1, 2.1.0–2.2.1. The issue allows an attacker who has system access and a privileged account to upload a malicious firmware image, potentially compromi...

CVE-2021-35532 Firmware upload verification bypass in TXpert Hub CoreTec 4

A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product...

Hitachi Energy TXpert Hub CoreTec 4 代码问题漏洞

Hitachi Energy TXpert Hub CoreTec 4 is a digital transformer monitoring and diagnostic device from Hitachi, Japan. A security vulnerability exists in the Hitachi Energy TXpert Hub CoreTec 4 that stems from a problem in the file upload validation section. An attacker could use this vulnerability t...

PT-2022-10467 · Hitachi Energy · Hitachi Energy Txpert Hub Coretec 4

Name of the Vulnerable Software and Affected Versions: Hitachi Energy TXpert Hub CoreTec 4 versions 2.0.0 through 2.2.1 Description: The issue is related to an Improper Input Validation vulnerability in a particular configuration setting field of the Hitachi Energy TXpert Hub CoreTec 4 product...