CVE-2023-2622 MEDIUM

Published: 2023-11-01 | Last Modified: 2024-11-21 | Status: Modified

Description

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

Additional Descriptions (1)

Los clientes autenticados pueden leer archivos arbitrarios en el sistema informático PRINCIPAL mediante Remote Procedure Call (RPC) del endpoint del servicio InspectSetup. Luego, el cliente con privilegios bajos puede leer archivos arbitrarios para los que no tiene autorización.

CVSS Metrics

Base Score: 4.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	LOW
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 1.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-668
[email protected]	Primary	en NVD-CWE-noinfo

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	modular_advanced_control_for_hvdc	*	<built-in method update of dict object at 0x72a99a7c4700>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc::::::::`

References

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true
Source: [email protected]

Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory