Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross Site Request Forgery (CSRF) in Hitachi Energy’s MSM Product
Vulnerability Description
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Hitachi Energy MSM 跨站请求伪造漏洞
Vulnerability Description
Hitachi Energy MSM是瑞士日立能源(Hitachi)公司的用于监督、管理和分析新装置中所有类型的高压开关设备的性能,以及现有高压资产的改造解决方案。 Hitachi Energy MSM 2.2及之前版本存在安全漏洞,该漏洞源于Web 界面无法充分验证提交请求的用户是否有意提供了格式正确、有效、一致的请求。
CVSS Information
N/A
Vulnerability Type
N/A