CVE-2023-2622
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote procedure call (RPC) of the InspectSetup
service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
Los clientes autenticados pueden leer archivos arbitrarios en el sistema informático PRINCIPAL mediante Remote Procedure Call (RPC) del endpoint del servicio InspectSetup. Luego, el cliente con privilegios bajos puede leer archivos arbitrarios para los que no tiene autorización.
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-05-10 CVE Reserved
- 2023-11-01 CVE Published
- 2025-02-27 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
- CAPEC-497: File Discovery
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hitachienergy Search vendor "Hitachienergy" | Modular Advanced Control For Hvdc Search vendor "Hitachienergy" for product "Modular Advanced Control For Hvdc" | >= 7.10.0.0 <= 7.18.0.0 Search vendor "Hitachienergy" for product "Modular Advanced Control For Hvdc" and version " >= 7.10.0.0 <= 7.18.0.0" | - |
Affected
| ||||||