CVE-2023-2622

Summary

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyMACH System Software7.10.0.0 <= 7.18.0.0affected

Weaknesses

  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References