10 matches found
EUVD-2021-22168
Malware in sbrugna...
Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...
Hitachi Energy TXpert Hub CoreTec 4
1. EXECUTIVE SUMMARY CVSS v3 6.0 Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Input Validation, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...
CVE-2021-35530
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
Input validation
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
Design/Logic Flaw
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
CVE-2021-35530
The CVE-2021-35530 vulnerability affects Hitachi Energy TXpert Hub CoreTec 4, versions 2.0.0 through 2.2.1, in its authentication/authorization flow where session-token validation can be bypassed. This can allow an unauthorized actor to modify a user’s password and gain unauthorized access via th...
CVE-2021-35530 User authentication bypass in TXpert Hub CoreTec 4
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an...
CVE-2021-35531
CVE-2021-35531 applies to Hitachi Energy TXpert Hub CoreTec 4. Affected versions: 2.0.0–2.2.1. Root cause: Improper Input Validation in a particular configuration setting field. Attack scenario: an attacker with access to an authorized user with ADMIN or ENGINEER rights can inject an OS command t...
CVE-2021-35532
CVE-2021-35532 is a vulnerability in the file upload validation component of Hitachi Energy TXpert Hub CoreTec 4. Affected versions are 2.0.0, 2.0.1, 2.1.0–2.2.1. The issue allows an attacker who has system access and a privileged account to upload a malicious firmware image, potentially compromi...