Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User authentication bypass in TXpert Hub CoreTec 4
Vulnerability Description
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
Hitachi Energy TXpert Hub CoreTec 4 安全漏洞
Vulnerability Description
Hitachi Energy TXpert Hub CoreTec 4是日本日立制作所(Hitachi)公司的一种数字变压器监控和诊断设备。 Hitachi Energy TXpert Hub CoreTec 4存在安全漏洞,该漏洞源于应用程序身份验证和授权机制中的会话标识符令牌验证存在问题,未经授权的参与者能够更改现有用户密码, 并利用该漏洞通过登录机制进一步获得对系统的授权访问。
CVSS Information
N/A
Vulnerability Type
N/A