CVE-2021-35531

Опубликовано: 07 июн. 2022

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:*

cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00155

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-20

CWE-78

Связанные уязвимости

GHSA-6fw8-3wxj-mg3j