CVE-2021-35532

Опубликовано: 07 июн. 2022

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:*

cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:*

cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00021

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-494

CWE-434

Связанные уязвимости

GHSA-c4j3-6346-fqqx