CVE-2023-2625

8HIGH

Key Information

Vendor: Hitachi
Status: TXpert Hub CoreTec 4
Vendor: CVE Published:; 28 June 2023

Summary

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.

Affected Version(s)

TXpert Hub CoreTec 4 = TXpert Hub CoreTec 4 version 2.0.*

TXpert Hub CoreTec 4 = TXpert Hub CoreTec 4 version 2.1.*

TXpert Hub CoreTec 4 = TXpert Hub CoreTec 4 version 2.2.*

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 28, 2023
Vulnerability Reserved.
May 10, 2023

Collectors

NVD DatabaseMitre Database