CVE-2021-40339 HIGH

Published: 2022-01-28 | Last Modified: 2024-11-21 | Status: Modified

Description

Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

Additional Descriptions (1)

Una vulnerabilidad de configuración en la aplicación Hitachi Energy LinkOne debido a una falta de encabezados HTTP, permite a un atacante que consiga explotar esta vulnerabilidad recuperar información confidencial. Este problema afecta a: Hitachi Energy LinkOne versiones 3.20; 3.22; 3.23; 3.24; 3.25; 3.26

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en NVD-CWE-Other

Affected Products

Vendor	Product	Version	Update	Type
hitachi	linkone	3.20	<built-in method update of dict object at 0x72a9cc76f080>	Application
hitachi	linkone	3.22	<built-in method update of dict object at 0x72a949bdfb40>	Application
hitachi	linkone	3.23	<built-in method update of dict object at 0x72a949bdf780>	Application
hitachi	linkone	3.24	<built-in method update of dict object at 0x72a9b0b6bc40>	Application
hitachi	linkone	3.25	<built-in method update of dict object at 0x72a9cc76e680>	Application
hitachi	linkone	3.26	<built-in method update of dict object at 0x72a9cc76c440>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:hitachi:linkone:3.20:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.22:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.23:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.24:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.25:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.26:::::::*`

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]

Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory