PT-2022-10467 · Hitachi Energy · Hitachi Energy TXpert Hub CoreTec 4
Published: 2022-06-07 · Updated: 2023-06-26 · CVE-2021-35531
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Hitachi Energy TXpert Hub CoreTec 4 versions 2.0.0 through 2.2.1
Description
The issue is an Improper Input Validation vulnerability in a particular configuration setting field of the Hitachi Energy TXpert Hub CoreTec 4 product. An attacker with access to an authorized user account that has ADMIN or ENGINEER role rights can inject an OS command that is then executed by the system.
Recommendations
For versions 2.0.0 through 2.2.1, consider restricting access to the configuration setting field to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of users with ADMIN or ENGINEER role rights to reduce the potential impact of an attack.
Fix
OS Command Injection
RCE
Affected Products
Hitachi Energy TXpert Hub CoreTec 4