PT-2023-2012 · Hitachi · Hitachi Ops Center Viewpoint+4
Published
2023-02-28
·
Updated
2023-03-13
·
CVE-2020-36652
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Hitachi Automation Director versions 8.2.0-00 through 10.6.1-00
Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.0.0-00
Hitachi Ops Center Automator versions prior to 10.9.1-00
Hitachi Ops Center Analyzer versions prior to 10.9.1-00
Hitachi Ops Center Viewpoint versions prior to 10.9.1-00
Description
The issue is related to incorrect default permissions, allowing local users to read and write specific files. This can be exploited by an attacker to access sensitive information.
Recommendations
For Hitachi Automation Director versions 8.2.0-00 through 10.6.1-00, update to a version after 10.6.1-00.
For Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.0.0-00, update to a version after 4.0.0-00.
For Hitachi Ops Center Automator versions prior to 10.9.1-00, update to version 10.9.1-00 or later.
For Hitachi Ops Center Analyzer versions prior to 10.9.1-00, update to version 10.9.1-00 or later.
For Hitachi Ops Center Viewpoint versions prior to 10.9.1-00, update to version 10.9.1-00 or later.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Automation Director
Hitachi Infrastructure Analytics Advisor
Hitachi Ops Center Analyzer
Hitachi Ops Center Automator
Hitachi Ops Center Viewpoint