CVE-2023-2625: A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any...

9.0 CVSS

Description

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.

Classification

CVE ID: CVE-2023-2625

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

Affected Products

Vendor: Hitachi Energy

Product: TXpert Hub CoreTec 4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 15.28% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch

Timeline

2024-12-05 00:31:31 UTC
CVE

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any...