Arbitrary File Write Vulnerability in McFeeder Server by Hitachi Energy
CVE-2023-2621

6.5MEDIUM

Key Information:

Vendor: Hitachi
Status: MACH System Software
Vendor: CVE Published:; 1 November 2023

Summary

The McFeeder server, included in the SSW package from Hitachi Energy, is vulnerable to an arbitrary file write flaw due to the use of an outdated third-party library. This vulnerability can be exploited by an authenticated attacker who uploads a maliciously crafted ZIP archive through the network to the McFeeder service endpoint, potentially enabling unauthorized file manipulation on the system.

Affected Version(s)

MACH System Software 5.0 < 7.17.0.0

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
May 10, 2023