Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
Una vulnerabilidad de comprobaciĆ³n de entrada inapropiada en un campo de configuraciĆ³n particular del producto Hitachi Energy TXpert Hub CoreTec 4, permite a un atacante con acceso a un usuario autorizado con derechos de rol ADMIN o ENGINEER inyectar un comando del sistema operativo que es ejecutado por el sistema. Este problema afecta a: Hitachi Energy TXpert Hub CoreTec 4 versiones 2.0.0; 2.0.1; 2.1.0; 2.1.2; 2.1.3; 2.2.0; 2.2.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:L/AC:L/Au:N/C:C/I:C/A:C
| Access Vector | LOCAL |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-20
|
| [email protected] | Primary |
en
CWE-78
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.0 | <built-in method update of dict object at 0x72a9cc5e6a80> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.1 | <built-in method update of dict object at 0x72a9994a8580> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.0 | <built-in method update of dict object at 0x72a9ccf2b840> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.1 | <built-in method update of dict object at 0x72a9cc747ec0> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.2 | <built-in method update of dict object at 0x72a9b0b48600> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.3 | <built-in method update of dict object at 0x72a9b0b49c80> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.0 | <built-in method update of dict object at 0x72a9ccf29240> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.1 | <built-in method update of dict object at 0x72a9ccf28500> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:* |