{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2625", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2023-05-10T10:31:57.900Z", "datePublished": "2023-06-28T16:15:46.529Z", "dateUpdated": "2024-12-04T20:57:56.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TXpert Hub CoreTec 4", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.0.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.1.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.2.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.3.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.4.*"}, {"status": "unaffected", "version": "TXpert Hub CoreTec 4 version 3.0.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system."}], "value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2023-06-28T16:15:46.529Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability is remediated in&nbsp;TXpert Hub CoreTec 4 version 3.0.1."}], "value": "The vulnerability is remediated in\u00a0TXpert Hub CoreTec 4 version 3.0.1."}], "source": {"discovery": "UNKNOWN"}, "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n<br>"}], "value": "\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:09.908Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-04T20:56:20.897497Z", "id": "CVE-2023-2625", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T20:57:56.402Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:09.908Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-04T20:56:20.897497Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T20:56:34.245Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi Energy", "product": "TXpert Hub CoreTec 4", "versions": [{"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.0.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.1.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.2.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.3.*"}, {"status": "affected", "version": "TXpert Hub CoreTec 4 version 2.4.*"}, {"status": "unaffected", "version": "TXpert Hub CoreTec 4 version 3.0.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vulnerability is remediated in\u00a0TXpert Hub CoreTec 4 version 3.0.1.", "supportingMedia": [{"type": "text/html", "value": "The vulnerability is remediated in&nbsp;TXpert Hub CoreTec 4 version 3.0.1.", "base64": false}]}], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch"}], "workarounds": [{"lang": "en", "value": "\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2023-06-28T16:15:46.529Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2625", "state": "PUBLISHED", "dateUpdated": "2024-12-04T20:57:56.402Z", "dateReserved": "2023-05-10T10:31:57.900Z", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "datePublished": "2023-06-28T16:15:46.529Z", "assignerShortName": "Hitachi Energy"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abb:txpert_hub_coretec_4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "65472456-E16E-454B-86D3-84F2469D3809", "versionEndExcluding": "3.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:txpert_hub_coretec_4:-:*:*:*:*:*:*:*", "matchCriteriaId": "9597F443-3693-451E-9EDA-66092ADB78E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system."}], "id": "CVE-2023-2625", "lastModified": "2024-11-21T07:58:57.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-28T17:15:10.627", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}