CVE-2021-35530

User authentication bypass in TXpert Hub CoreTec 4

CVSS 6 MEDIUMEPSS 0.2%CWE-288

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6EPSS 0.2%KEV nãoPoC —Patch —

Ciclo de vida

07 jun 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Produtos afetados

Hitachi Energy · TXpert Hub CoreTec 4 version

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua