Firmware upload verification bypass in TXpert Hub CoreTec 4

A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

N/A

下载代码缺少完整性检查

Hitachi Energy TXpert Hub CoreTec 4 代码问题漏洞

Hitachi Energy TXpert Hub CoreTec 4是日本日立（Hitachi）公司的一种数字变压器监控和诊断设备。 Hitachi Energy TXpert Hub CoreTec 4 存在安全漏洞，该漏洞源于文件上传验证部分存在问题。攻击者可以利用该漏洞通过恶意代理设法访问系统并获得具有足够权限的帐户以将恶意固件上传到产品。

N/A

N/A