CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2625
https://notcve.org/view.php?id=CVE-2023-2625
28 Jun 2023 — A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 74EXPL: 0CVE-2022-3353 – IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products
https://notcve.org/view.php?id=CVE-2022-3353
21 Feb 2023 — A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-35530 – User authentication bypass in TXpert Hub CoreTec 4
https://notcve.org/view.php?id=CVE-2021-35530
07 Jun 2022 — A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. Un... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-35531 – Remote Code Execution in TXpert Hub CoreTec 4
https://notcve.org/view.php?id=CVE-2021-35531
07 Jun 2022 — Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. Una vulnerabilidad de comprobación de entrada inapropiada en un campo de configuración particular del producto Hitac... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-35532 – Firmware upload verification bypass in TXpert Hub CoreTec 4
https://notcve.org/view.php?id=CVE-2021-35532
07 Jun 2022 — A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. Se presenta una vulnerabilidad en la parte de comprobación de carga de archivos del producto H... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-494: Download of Code Without Integrity Check •