gsd-2023-5769
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A vulnerability exists in the webserver that affects the
RTU500 series product versions listed below. A malicious
actor could perform cross-site scripting on the webserver
due to user input being improperly sanitized.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-5769",
"id": "GSD-2023-5769"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5769"
],
"details": "\nA vulnerability exists in the webserver that affects the \nRTU500 series product versions listed below. A malicious \nactor could perform cross-site scripting on the webserver \ndue to user input being improperly sanitized.\n\n\n",
"id": "GSD-2023-5769",
"modified": "2023-12-13T01:20:50.363823Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"ID": "CVE-2023-5769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RTU500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "RTU500 series CMU Firmware version 12.0.1 \u2013 12.0.14"
},
{
"version_affected": "=",
"version_value": "RTU500 series CMU Firmware version 12.2.1 \u2013 12.2.11"
},
{
"version_affected": "=",
"version_value": "RTU500 series CMU Firmware version 12.4.1 \u2013 12.4.11"
},
{
"version_affected": "=",
"version_value": "RTU500 series CMU Firmware version 12.6.1 \u2013 12.6.9 "
},
{
"version_affected": "=",
"version_value": "RTU500 series CMU Firmware version 12.7.1 \u2013 12.7.6"
},
{
"version_affected": "=",
"version_value": "RTU500 series CMU Firmware version 13.2.1 \u2013 13.2.6 "
},
{
"version_affected": "=",
"version_value": "RTU500 series CMU Firmware version 13.4.1 \u2013 13.4.3 "
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nA vulnerability exists in the webserver that affects the \nRTU500 series product versions listed below. A malicious \nactor could perform cross-site scripting on the webserver \ndue to user input being improperly sanitized.\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176\u0026languageCode=en\u0026Preview=true",
"refsource": "MISC",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176\u0026languageCode=en\u0026Preview=true"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E81BEA6-121C-48D7-BAA9-91D652E6BC1A",
"versionEndIncluding": "12.0.14",
"versionStartIncluding": "12.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2469A78A-6F37-4F4B-BED8-060914B2D0A4",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E6934B-EBB2-45FB-8E4A-7D360CBA0F92",
"versionEndIncluding": "12.4.11",
"versionStartIncluding": "12.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40D7C64F-54CC-4183-8420-011E2787541F",
"versionEndIncluding": "12.6.9",
"versionStartIncluding": "12.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD81EF6-9D45-4A2D-BFAA-D10005AEA046",
"versionEndIncluding": "12.7.6",
"versionStartIncluding": "12.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5EFAE2-81D8-4E67-8515-137EAE453D6D",
"versionEndIncluding": "13.2.6",
"versionStartIncluding": "13.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC740F55-F482-4BC2-9D39-D27F40EBB7C9",
"versionEndIncluding": "13.4.3",
"versionStartIncluding": "13.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AF93AD-200F-47A6-BA2C-F82165AFB50D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F00BAD-06B1-49BE-BD41-61DE749E1506",
"versionEndIncluding": "12.0.14",
"versionStartIncluding": "12.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79BC5D4A-09B2-41FB-962A-CF580181EB2C",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30CDB2F-E0CC-4440-9E59-AB339F94996F",
"versionEndIncluding": "12.4.11",
"versionStartIncluding": "12.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BC4865-4064-421C-A746-8CB3D9DBAD7B",
"versionEndIncluding": "12.6.9",
"versionStartIncluding": "12.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5995FE68-15EA-4CB6-A43C-49582E4DF58C",
"versionEndIncluding": "12.7.6",
"versionStartIncluding": "12.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5803D1-164F-40E2-A348-21538EE1787F",
"versionEndIncluding": "13.2.6",
"versionStartIncluding": "13.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74AE224C-8D72-4C5A-ABB7-CE447E26992C",
"versionEndIncluding": "13.4.3",
"versionStartIncluding": "13.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6F9377-E6BB-4DEA-9D87-0AF792CBAC57",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD5E8FC-3FB5-4300-BBF4-DDAF573F20F2",
"versionEndIncluding": "12.0.14",
"versionStartIncluding": "12.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "803838B5-058E-436B-8CE5-BF711456F96B",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0361A98-1496-4763-A489-DCAE0D0DF613",
"versionEndIncluding": "12.4.11",
"versionStartIncluding": "12.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DECEA34-8A96-4943-B351-5080C4D34996",
"versionEndIncluding": "12.6.9",
"versionStartIncluding": "12.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF24A6B2-D9CF-44DE-A470-A09753D3A1B8",
"versionEndIncluding": "12.7.6",
"versionStartIncluding": "12.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B890C79-2919-48F4-9431-3B92C48089C0",
"versionEndIncluding": "13.2.6",
"versionStartIncluding": "13.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90834F09-E09B-46BE-94BC-5812E63DE98D",
"versionEndIncluding": "13.4.3",
"versionStartIncluding": "13.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEFDEF0-883D-402B-9CD4-333A145E3C75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC22007-6E39-4C5A-A392-139B43F819C0",
"versionEndIncluding": "12.0.14",
"versionStartIncluding": "12.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDB5A36-9B2F-43F9-A81B-506C4660151F",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F25FBFD5-BC45-49C9-87D4-A9C05405490D",
"versionEndIncluding": "12.4.11",
"versionStartIncluding": "12.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63096BB3-C0F9-4089-B11C-DE958B150DA8",
"versionEndIncluding": "12.6.9",
"versionStartIncluding": "12.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2029C0-3710-4CBB-8CBE-9EBA5793506A",
"versionEndIncluding": "12.7.6",
"versionStartIncluding": "12.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFF9898-F8FF-4361-A22C-DD5E47054FED",
"versionEndIncluding": "13.2.6",
"versionStartIncluding": "13.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18211DB4-DA86-4489-AFE1-48514160C1D4",
"versionEndIncluding": "13.4.3",
"versionStartIncluding": "13.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "495DCBD6-D2D1-4295-81D1-6ACA1B2CA223",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability exists in the webserver that affects the \nRTU500 series product versions listed below. A malicious \nactor could perform cross-site scripting on the webserver \ndue to user input being improperly sanitized.\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en el servidor web que afecta a las versiones de productos de RTU500 series que se enumeran a continuaci\u00f3n. Un actor malintencionado podr\u00eda realizar Cross-Site Scripting en el servidor web debido a que la entrada del usuario se sanitizo incorrectamente."
}
],
"id": "CVE-2023-5769",
"lastModified": "2023-12-18T19:03:54.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
}
]
},
"published": "2023-12-14T17:15:09.920",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176\u0026languageCode=en\u0026Preview=true"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.