33 matches found
EUVD-2021-22167
Malware in sbrugna...
EUVD-2021-22168
Malware in sbrugna...
EUVD-2023-34096
Malicious code in bioql PyPI...
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
Design/Logic Flaw
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
CVE-2023-2625
CVE-2023-2625 (CoreTec 4) : The provided documents describe a command-injection vulnerability in Hitachi Energy TXpert Hub CoreTec 4. An authenticated client on the same network segment (with any access level from VIEWER to ADMIN) can inject shell commands through a specific field in the web UI, ...
Hitachi Energy TXpert Hub CoreTec 4 操作系统命令注入漏洞
The Hitachi Energy TXpert Hub CoreTec 4 is a digital transformer monitoring and diagnostic device from Hitachi, Japan. A security vulnerability exists in the Hitachi Energy TXpert Hub CoreTec 4 that can be injected into a system-executed shell command line via specific fields in the web user...
PT-2023-20563 · Coretec 4 · Coretec 4
Name of the Vulnerable Software and Affected Versions: CoreTec 4 affected versions not specified Description: A vulnerability exists that can be exploited by an authenticated client connected to the same network segment as the system, with any level of access from VIEWER to ADMIN. The attacker ca...
Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...
Hitachi Energy TXpert Hub CoreTec 4
1. EXECUTIVE SUMMARY CVSS v3 6.0 Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Input Validation, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...
CVE-2021-35531
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
CVE-2021-35532
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product...
CVE-2021-35532
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product...
CVE-2021-35530
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
CVE-2021-35530
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
Privilege escalation
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product...