Overview
- Description
- Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
- Source
- cybersecurity@hitachienergy.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- cybersecurity@hitachienergy.com
- CWE-668
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "462D2B72-044A-40AB-85F5-A2E082E04D01",
"versionEndIncluding": "7.18.0.0",
"versionStartIncluding": "7.10.0.0"
}
],
"operator": "OR"
}
]
}
]