Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Response Splitting in Hitachi Energy’s MSM Product
Vulnerability Description
A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
Hitachi Energy MSM 注入漏洞
Vulnerability Description
Hitachi Energy MSM是日本日立制作所(Hitachi)公司的用于监督、管理和分析新装置中所有类型的高压开关设备的性能,以及现有高压资产的改造解决方案。 Hitachi Energy MSM 2.2及之前版本存在注入漏洞,该漏洞源于web 界面不验证 HTTP 标头中的数据,攻击者利用该漏洞可以将有害代码引导到用户的 Web 浏览器,窃取会话 cookie等。
CVSS Information
N/A
Vulnerability Type
N/A