CVE-2023-4816

EPSS 0.01%
Veröffentlicht 11.09.2023 08:15:07
Zuletzt bearbeitet 21.11.2024 08:36:01
Quelle cybersecurity@hitachienergy.co
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hitachienergy ≫ Asset Suite Version <= 9.6.3.11.1

Hitachienergy ≫ Asset Suite Version9.6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cybersecurity@hitachienergy.com	6.9	1.7	4.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4816

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4816

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4816

EUVD