CVE-2023-2622

Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote procedure call (RPC) of the InspectSetup
service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Hitachi EnergyCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
hitachienergymodular_advanced_control_for_hvdc
7.10.0.0 ≤
𝑥
≤ 7.18.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true