IM
IronMonkey Threat Research

CVE-2021-40338 MEDIUM

Published: 2022-01-28 | Last Modified: 2024-11-21 | Status: Modified

Description

Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

Additional Descriptions (1)

El producto Hitachi Energy LinkOne, presenta una vulnerabilidad debida a una configuración errónea del servidor web, que habilita el modo de depuración y revela la ruta completa del directorio del sistema de archivos cuando un atacante genera errores durante una operación de consulta. Este problema afecta a: Hitachi Energy LinkOne versiones 3.20; 3.22; 3.23; 3.24; 3.25; 3.26

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-209

Affected Products

Vendor Product Version Update Type
hitachi linkone 3.20 <built-in method update of dict object at 0x72a9cd0c0940> Application
hitachi linkone 3.22 <built-in method update of dict object at 0x72a9b0735180> Application
hitachi linkone 3.23 <built-in method update of dict object at 0x72a9b0db5040> Application
hitachi linkone 3.24 <built-in method update of dict object at 0x72a9b0737500> Application
hitachi linkone 3.25 <built-in method update of dict object at 0x72a9cd0c2840> Application
hitachi linkone 3.26 <built-in method update of dict object at 0x72a9cd0c2300> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachi:linkone:3.20:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.22:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.23:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.24:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.25:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.26:*:*:*:*:*:*:*

References

Notification
Message here