CVE-2021-40340 HIGH

Published: 2022-01-28 | Last Modified: 2024-11-21 | Status: Modified

Description

Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

Additional Descriptions (1)

Una vulnerabilidad de Exposición de Información en la aplicación Hitachi Energy LinkOne, debido a una configuración inapropiada en el servidor ASP se expone información del servidor y de ASP.net, un atacante que consiga explotar esta vulnerabilidad puede usar la información expuesta como reconocimiento para su posterior explotación. Este problema afecta a: Hitachi Energy LinkOne versiones 3.20; 3.22; 3.23; 3.24; 3.25; 3.26

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-200

Affected Products

Vendor	Product	Version	Update	Type
hitachi	linkone	3.20	<built-in method update of dict object at 0x72a9cd079400>	Application
hitachi	linkone	3.22	<built-in method update of dict object at 0x72a9b0737940>	Application
hitachi	linkone	3.23	<built-in method update of dict object at 0x72a9b0737b00>	Application
hitachi	linkone	3.24	<built-in method update of dict object at 0x72a9cc5570c0>	Application
hitachi	linkone	3.25	<built-in method update of dict object at 0x72a9cd0791c0>	Application
hitachi	linkone	3.26	<built-in method update of dict object at 0x72a9cd07bd40>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:hitachi:linkone:3.20:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.22:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.23:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.24:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.25:::::::*`
Yes	`cpe:2.3:a:hitachi:linkone:3.26:::::::*`

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]

Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory