Vulnerabilities > Hitachienergy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-04 | CVE-2023-5768 | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. | 6.1 |
| 2023-12-01 | CVE-2023-4518 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy products A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. | 7.5 |
| 2023-11-01 | CVE-2023-2621 | Path Traversal vulnerability in Hitachienergy Modular Advanced Control for Hvdc 5.0/7.10.0.0 The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. | 6.5 |
| 2023-11-01 | CVE-2023-2622 | Unspecified vulnerability in Hitachienergy Modular Advanced Control for Hvdc 7.10.0.0/7.17.0.0/7.18.0.0 Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. | 4.3 |
| 2023-11-01 | CVE-2023-5514 | Information Exposure Through an Error Message vulnerability in Hitachienergy Esoms The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. | 5.3 |
| 2023-11-01 | CVE-2023-5515 | Unspecified vulnerability in Hitachienergy Esoms The responses for web queries with certain parameters disclose internal path of resources. | 5.3 |
| 2023-11-01 | CVE-2023-5516 | Unspecified vulnerability in Hitachienergy Esoms Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. | 5.3 |
| 2023-09-11 | CVE-2023-4816 | Improper Authentication vulnerability in Hitachienergy Asset Suite A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. | 8.8 |
| 2023-07-26 | CVE-2022-2502 | Improper Input Validation vulnerability in Hitachienergy Rtu500 Firmware A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. | 7.5 |
| 2023-07-26 | CVE-2022-4608 | Out-of-bounds Write vulnerability in Hitachienergy Rtu500 Firmware A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. | 7.5 |