Vendor CVEs
Hitachi
All CVEs
382 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5781 | 0.00 | — | 0.00 | Feb 25, 2026 | Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi… | |||
| CVE-2026-2460 | 0.00 | — | 0.00 | Feb 24, 2026 | A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so. | |||
| CVE-2025-39205 | 0.00 | — | 0.00 | Jun 24, 2025 | A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation. | |||
| CVE-2025-39204 | 0.00 | — | 0.00 | Jun 24, 2025 | A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user. | |||
| CVE-2025-39203 | 0.00 | — | 0.00 | Jun 24, 2025 | A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop. | |||
| CVE-2025-39202 | 0.00 | — | 0.00 | Jun 24, 2025 | A vulnerability exists in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. | |||
| CVE-2025-39201 | 0.00 | — | 0.00 | Jun 24, 2025 | A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. | |||
| CVE-2024-7941 | 0.00 | — | 0.00 | Aug 27, 2024 | An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||
| CVE-2024-7940 | 0.00 | — | 0.01 | Aug 27, 2024 | The product exposes a service that is intended for local only to all network interfaces without any authentication. | |||
| CVE-2024-3982 | 0.00 | — | 0.00 | Aug 27, 2024 | An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users… | |||
| CVE-2024-3980 | 0.00 | — | 0.01 | Aug 27, 2024 | The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the… | |||
| CVE-2024-4872 | 0.00 | — | 0.01 | Aug 27, 2024 | A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential. | |||
| CVE-2024-7125 | 0.00 | — | 0.00 | Aug 27, 2024 | Authentication Bypass vulnerability in Hitachi Ops Center Common Services. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | |||
| CVE-2024-5828 | 0.00 | — | 0.00 | Aug 6, 2024 | Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manager: before 8.8.7-00. | |||
| CVE-2024-2819 | 0.00 | — | 0.00 | Jul 2, 2024 | Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation. This issue affects Hitachi Ops Center Common Services: before 11.0.2-00. | |||
| CVE-2024-28984 | 0.00 | — | 0.00 | Jun 26, 2024 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface. | |||
| CVE-2024-28983 | 0.00 | — | 0.00 | Jun 26, 2024 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface. | |||
| CVE-2024-28982 | 0.00 | — | 0.00 | Jun 26, 2024 | Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference. | |||
| CVE-2024-28020 | 0.00 | — | 0.00 | Jun 11, 2024 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services. | |||
| CVE-2024-28024 | 0.00 | — | 0.00 | Jun 11, 2024 | A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | |||
| CVE-2024-28022 | 0.00 | — | 0.00 | Jun 11, 2024 | A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted… | |||
| CVE-2024-28021 | 0.00 | — | 0.00 | Jun 11, 2024 | A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. | |||
| CVE-2024-2011 | 0.00 | — | 0.00 | Jun 11, 2024 | A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. | |||
| CVE-2024-2012 | 0.00 | — | 0.01 | Jun 11, 2024 | A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior. | |||
| CVE-2024-2013 | 0.00 | — | 0.01 | Jun 11, 2024 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | |||
| CVE-2023-5617 | 0.00 | — | 0.00 | Feb 28, 2024 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered. | |||
| CVE-2024-0715 | 0.00 | — | 0.00 | Feb 20, 2024 | Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection. This issue affects Hitachi Global Link Manager: before 8.8.7-03. | |||
| CVE-2024-21840 | 0.00 | — | 0.00 | Jan 30, 2024 | Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2. | |||
| CVE-2023-6457 | 0.00 | — | 0.00 | Jan 16, 2024 | Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files. This issue affects Hitachi Tuning Manager: before 8.8.5-04. | |||
| CVE-2023-49107 | 0.00 | — | 0.00 | Jan 16, 2024 | Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules). This issue affects Hitachi Device Manager: before 8.8.5-04. | |||
| CVE-2023-49106 | 0.00 | — | 0.00 | Jan 16, 2024 | Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component). This issue affects Hitachi Device Manager: before 8.8.5-04. | |||
| CVE-2022-3864 | 0.00 | — | 0.00 | Jan 4, 2024 | A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with… | |||
| CVE-2022-2081 | 0.00 | — | 0.01 | Jan 4, 2024 | A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the… | |||
| CVE-2023-6711 | 0.00 | — | 0.01 | Dec 19, 2023 | Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to… | |||
| CVE-2023-1514 | 0.00 | — | 0.00 | Dec 19, 2023 | A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the… | |||
| CVE-2023-5769 | 0.00 | — | 0.00 | Dec 14, 2023 | A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized. | |||
| CVE-2023-3517 | 0.00 | — | 0.01 | Dec 12, 2023 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. | |||
| CVE-2023-5808 | 0.00 | — | 0.01 | Dec 4, 2023 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that… | |||
| CVE-2023-5768 | 0.00 | — | 0.00 | Dec 4, 2023 | A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Incomplete or wrong received APDU frame layout may cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer … | |||
| CVE-2023-5767 | 0.00 | — | 0.00 | Dec 4, 2023 | A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized. | |||
| CVE-2021-46774 | 0.00 | — | 0.01 | Nov 14, 2023 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | |||
| CVE-2023-5516 | 0.00 | — | 0.00 | Nov 1, 2023 | Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information… | |||
| CVE-2023-5515 | 0.00 | — | 0.00 | Nov 1, 2023 | The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications. | |||
| CVE-2023-5514 | 0.00 | — | 0.00 | Nov 1, 2023 | The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. | |||
| CVE-2023-2622 | 0.00 | — | 0.00 | Nov 1, 2023 | Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read. | |||
| CVE-2023-45780 | 0.00 | — | 0.00 | Oct 30, 2023 | In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||
| CVE-2023-3440 | 0.00 | — | 0.00 | Oct 3, 2023 | Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*;… | |||
| CVE-2023-3967 | 0.00 | — | 0.01 | Oct 3, 2023 | Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00. | |||
| CVE-2023-3335 | 0.00 | — | 0.00 | Oct 3, 2023 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | |||
| CVE-2023-2358 | 0.00 | — | 0.00 | Sep 26, 2023 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. |
Page 3 of 8