Local File Enumeration Vulnerability in eSOMS by Hitachi Energy
CVE-2023-5514

5.3MEDIUM

Key Information:

Vendor: Hitachi
Status: eSOMS
Vendor: CVE Published:; 1 November 2023

Summary

The eSOMS product by Hitachi Energy suffers from a local file enumeration vulnerability that can be exploited through manipulated parameter queries related to report generation. Attackers can leverage this flaw to disclose sensitive information about the local file system structure, potentially leading to further security risks. It is essential for users to implement proper input validation and restrict access to sensitive functionalities to mitigate this issue.

Affected Version(s)

eSOMS 6.0 <= 6.3.13

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
Oct 11, 2023