CVE-2023-2621

The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer
system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can
exploit this vulnerability by uploading a crafted ZIP archive via the
network to McFeeders service endpoint.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Hitachi EnergyCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
hitachienergymodular_advanced_control_for_hvdc
5.0 ≤
𝑥
< 7.17.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true