A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
Se presenta una vulnerabilidad en la parte de comprobaciĆ³n de carga de archivos del producto Hitachi Energy TXpert Hub CoreTec 4. La vulnerabilidad permite que un atacante o agente malicioso que consiga acceder al sistema y obtener una cuenta con suficientes privilegios pueda cargar un firmware malicioso en el producto. Este problema afecta a: Hitachi Energy TXpert Hub CoreTec 4 versiones 2.0.0; 2.0.1; 2.1.0; 2.1.2; 2.1.3; 2.2.0; 2.2.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:L/AC:L/Au:N/C:C/I:C/A:C
| Access Vector | LOCAL |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-494
|
| [email protected] | Primary |
en
CWE-434
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.0 | <built-in method update of dict object at 0x72a9cc662340> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.1 | <built-in method update of dict object at 0x72a9cd08c2c0> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.0 | <built-in method update of dict object at 0x72a9b0e0eb40> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.1 | <built-in method update of dict object at 0x72a9cd08e100> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.2 | <built-in method update of dict object at 0x72a9cc663600> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.3 | <built-in method update of dict object at 0x72a9cc661ec0> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.0 | <built-in method update of dict object at 0x72a9cd08d900> | Operating System |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.1 | <built-in method update of dict object at 0x72a9cd08f1c0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:* |