Remote Procedure Call Vulnerability in Hitachi Energy InspectSetup Service
CVE-2023-2622

2.7LOW

Key Information:

Vendor: Hitachi
Status: Mach System Software
Vendor: CVE Published:; 1 November 2023

Summary

An authorization bypass vulnerability exists in the InspectSetup service of Hitachi Energy, where authenticated clients can exploit the remote procedure call (RPC) interface. This enables low-privilege users to read arbitrary files on the main computer system, bypassing the normal access controls and posing a potential risk to sensitive information.

Affected Version(s)

MACH System Software 7.10.0.0 <= 7.18.0.0

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
May 10, 2023