Cross-Site Scripting Vulnerability in RTU500 Series from Hitachi Energy
CVE-2023-5769

5.4MEDIUM

Key Information:

Vendor: Hitachi
Status: RTU500
Vendor: CVE Published:; 14 December 2023

Summary

A vulnerability has been identified in the webserver of Hitachi Energy's RTU500 series products, where user input is not adequately sanitized. This oversight allows a malicious actor to execute cross-site scripting attacks, potentially leading to unauthorized actions or data exposure within the affected systems.

Affected Version(s)

RTU500 RTU500 series CMU Firmware version 12.0.1 – 12.0.14

RTU500 RTU500 series CMU Firmware version 12.2.1 – 12.2.11

RTU500 RTU500 series CMU Firmware version 12.4.1 – 12.4.11

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Oct 25, 2023