CVE-2023-2622

EUVD-2023-34093
Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote procedure call (RPC) of the InspectSetup
service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Hitachi EnergyCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
hitachienergymodular_advanced_control_for_hvdc
7.10.0.0 ≤
𝑥
≤ 7.18.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true