1. EXECUTIVE SUMMARY
- CVSS v3 8.0
- ATTENTION: Exploitable from adjacent network
- Vendor: Hitachi Energy
- Equipment: SDM600
- Vulnerabilities: Origin Validation Error, Incorrect Authorization
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and access sensitive information.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affected:
- Hitachi Energy SDM600: Versions prior to 1.3.4
3.2 VULNERABILITY OVERVIEW
3.2.1 ORIGIN VALIDATION ERROR CWE-346
A vulnerability exists in the SDM600 web server's HTTP response header settings, which are too permissive. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.
CVE-2024-2377 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been assigned; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).
3.2.2 INCORRECT AUTHORIZATION CWE-863
A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations.
CVE-2024-2378 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been assigned; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
[…]