Rewterz

Rewterz Threat Advisory – ICS: Multiple Schneider Electric Products Vulnerabilities

November 17, 2023

Severity

Medium

Analysis Summary

CVE-2023-2621 CVSS:6.5

Hitachi Energy MACH System Software could allow a remote attacker traverse directories on the system, caused by improper validation of archive contents by the McFeeder server in the MAIN computer system. By uploading a specially-crafted archive file to the McFeeder’s service endpoint containing “dot dot” sequences (/../), an attacker could exploit this vulnerability to write arbitrary files to the system.

CVE-2023-2622 CVSS:2.7

Hitachi Energy MACH System Software could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the MAIN Computer system in the InspectSetup service endpoint. An attacker could send a specially-crafted URL request using the using the remote procedure call protocol containing “dot dot” sequences (/../) to view arbitrary files on the system.

Impact

  • Information Theft

Indicators Of Compromise

CVE

  • CVE-2023-2621
  • CVE-2023-2622

Affected Vendors

Hitachi

Affected Products

  • Hitachi Energy MACH System Software 5
  • Hitachi Energy MACH System Software 6
  • Hitachi Energy MACH System Software 7.16
  • Hitachi Energy MACH System Software 7.10.0.0
  • Hitachi Energy MACH System Software 7.18.0.0

Remediation

Refer to HITACHI ENERGY Advisory for patch, upgrade or suggested workaround information.

Hitachi Energy Advisory