PT-2022-11217 · Hitachi Energy · Hitachi Energy Linkone
Published
2022-01-28
·
Updated
2022-08-09
·
CVE-2021-40338
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Hitachi Energy LinkOne versions 3.20 through 3.26
Description
The issue is caused by a web server misconfiguration that enables debug mode. When an attacker generates errors during a query operation, the full path of the filesystem directory is revealed.
Recommendations
For versions 3.20 through 3.26, disable the debug mode to prevent the revelation of the filesystem directory path. Consider restricting access to the web server to minimize the risk of exploitation.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Energy Linkone