1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: AFS65x, AFF66x, AFS67x, AFR67x Series
- Vulnerabilities: Incorrect Calculation, Integer Overflow or Wraparound, Improper Encoding or Escaping of Output, Exposure of Resource to Wrong Sphere
2. RISK EVALUATION
Successful exploitation of these vulnerabilities by an attacker could have a high impact on availability, integrity, and confidentiality of the targeted devices.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Hitachi Energy products and versions are affected:
- AFF66X FW: 03.0.02 and prior
- AFS66X-S: All versions
- AFS660-C: All versions
- AFS66X-B: All versions
- AFS670-V20: All versions
- AFS65X: All versions
- AFS67X: All versions
- AFR677: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT CALCULATION CWE-682
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2021-45960 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
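The size arithmetic behind 3.2.1, as an added illustration that is not libexpat's code or its patch: a table size derived from a left shift is modelled with 32-bit unsigned values so the wraparound is well defined, next to a checked version. The function names, the entry sizes and the max_bytes limit are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the flawed pattern (hypothetical names): entries = 1 << power,
 * bytes = entries * entry_size, with no range checks. The product is kept
 * in 32 bits, as on a target with a 32-bit size type.
 * Caller must pass power < 32; a larger shift is undefined in C. */
static uint32_t table_bytes_unchecked(unsigned power, uint32_t entry_size)
{
    uint32_t entries = (uint32_t)1 << power;
    return entries * entry_size;            /* wraps modulo 2^32 */
}

/* Checked form: refuses a shift that does not fit the type and a product
 * that would exceed max_bytes, instead of returning a wrapped size. */
static bool table_bytes_checked(unsigned power, size_t entry_size,
                                size_t max_bytes, size_t *out_bytes)
{
    if (entry_size == 0 || power >= sizeof(size_t) * 8)
        return false;                       /* shift count out of range */
    size_t entries = (size_t)1 << power;
    if (entries > max_bytes / entry_size)
        return false;                       /* product would exceed the limit */
    *out_bytes = entries * entry_size;
    return true;
}

int main(void)
{
    size_t bytes = 0;
    /* Constructed inputs: a shift of 29 with a 16-byte entry needs 2^33
     * bytes, which wraps to a zero-byte request in 32-bit arithmetic. */
    printf("unchecked (29, 16): %u bytes\n",
           (unsigned)table_bytes_unchecked(29, 16));
    /* A shift of 28 with a 24-byte entry wraps to a too-small request. */
    printf("unchecked (28, 24): %u bytes\n",
           (unsigned)table_bytes_unchecked(28, 24));
    printf("checked   (29, 16): %s\n",
           table_bytes_checked(29, 16, UINT32_MAX, &bytes)
               ? "accepted" : "rejected");
    return 0;
}
```

The two unchecked results correspond to the outcomes the advisory names: a request that only frees memory (zero bytes) and a request for too few bytes.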
3.2.2 INTEGER OVERFLOW OR WRAPAROUND CWE-190
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-46143 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has
[…]