Vendor CVEs

Hitachi

All CVEs

382 total · sorted by risk
  • CVE-2022-3927 · Jan 5, 2023
    risk 0.00 · cvss · epss 0.01

    The affected products store both the public and private keys that are used to sign and protect the Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the…

  • CVE-2021-40342 · Jan 5, 2023
    risk 0.00 · cvss · epss 0.00

    In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected product versions. This issue…

  • CVE-2021-40341 · Jan 5, 2023
    risk 0.00 · cvss · epss 0.00

    The DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product:…

  • CVE-2022-34881 · Dec 6, 2022
    risk 0.00 · cvss · epss 0.00

    Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before…

  • CVE-2022-3388 · Nov 21, 2022
    risk 0.00 · cvss · epss 0.00

    An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

  • CVE-2022-3997 · Nov 15, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched…

  • CVE-2022-3998 · Nov 15, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2021-45448 · Nov 2, 2022
    risk 0.00 · cvss · epss 0.01

    Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses external input to construct a…

  • CVE-2021-45447 · Nov 2, 2022
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.   The transmission of sensitive data in clear text allows unauthorized actors with access to the…

  • CVE-2021-45446 · Nov 2, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of all the resources…

  • CVE-2022-41553 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.00

    Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive…

  • CVE-2022-41552 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components)…

  • CVE-2022-3191 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Storage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00

  • CVE-2020-36605 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.00

    Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local…

  • CVE-2022-2637 · Oct 6, 2022
    risk 0.00 · cvss · epss 0.00

    Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.

  • CVE-2021-28052 · Sep 26, 2022
    risk 0.00 · cvss · epss 0.01

    A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant…

  • CVE-2022-29492 · Sep 14, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open.…

  • CVE-2022-1778 · Sep 14, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer overflow that causes a failure to start the SYS600. The configuration file can only be accessed with administrator access. This issue…

  • CVE-2022-29922 · Sep 14, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a…

  • CVE-2022-2277 · Sep 14, 2022
    risk 0.00 · cvss · epss 0.01

    An Improper Input Validation vulnerability in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during ICCP communication establishment causes a denial-of-service when the ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future…

  • CVE-2022-29490 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.01

    An Improper Authorization vulnerability in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X…

  • CVE-2022-34883 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.01

    OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows;…

  • CVE-2022-34882 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.01

    Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to…

  • CVE-2022-37681 · Aug 29, 2022
    risk 0.00 · cvss · epss 0.01

    Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the…

  • CVE-2022-37680 · Aug 29, 2022
    risk 0.00 · cvss · epss 0.01

    An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security…

  • CVE-2021-35530 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized…

  • CVE-2021-35531 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system.…

  • CVE-2021-35532 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious…

  • CVE-2021-26351 · May 12, 2022
    risk 0.00 · cvss · epss 0.00

    Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.

  • CVE-2021-26373 · May 11, 2022
    risk 0.00 · cvss · epss 0.00

    Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.

  • CVE-2021-26378 · May 11, 2022
    risk 0.00 · cvss · epss 0.00

    Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

  • CVE-2021-26372 · May 11, 2022
    risk 0.00 · cvss · epss 0.00

    Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

  • CVE-2022-28613 · May 2, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500…

  • CVE-2021-40340 · Jan 28, 2022
    risk 0.00 · cvss · epss 0.01

    Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further…

  • CVE-2021-40339 · Jan 28, 2022
    risk 0.00 · cvss · epss 0.01

    Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

  • CVE-2021-40338 · Jan 28, 2022
    risk 0.00 · cvss · epss 0.01

    The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20;…

  • CVE-2021-40337 · Jan 25, 2022
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker who manages to exploit the vulnerability to carry out multiple web attacks and steal sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24;…

  • CVE-2021-40333 · Dec 2, 2021
    risk 0.00 · cvss · epss 0.01

    Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions…

  • CVE-2021-40334 · Dec 2, 2021
    risk 0.00 · cvss · epss 0.01

    Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects:…

  • CVE-2021-35533 · Nov 26, 2021
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a…

  • CVE-2021-35534 · Nov 18, 2021
    risk 0.00 · cvss · epss 0.02

    Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to…

  • CVE-2021-35535 · Nov 18, 2021
    risk 0.00 · cvss · epss 0.01

    Insecure Boot Image vulnerability in Hitachi Energy Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequence of the device to exploit the vulnerability, where there is a tiny time gap during…

  • CVE-2021-35528 · Nov 17, 2021
    risk 0.00 · cvss · epss 0.00

    Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to…

  • CVE-2021-26330 · Nov 16, 2021
    risk 0.00 · cvss · epss 0.00

    AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.

  • CVE-2021-26331 · Nov 16, 2021
    risk 0.00 · cvss · epss 0.00

    AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

  • CVE-2021-26336 · Nov 16, 2021
    risk 0.00 · cvss · epss 0.00

    Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.

  • CVE-2021-26329 · Nov 16, 2021
    risk 0.00 · cvss · epss 0.00

    AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.

  • CVE-2021-26338 · Nov 16, 2021
    risk 0.00 · cvss · epss 0.01

    Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

  • CVE-2021-34685 · Nov 8, 2021
    risk 0.00 · cvss · epss 0.02

    UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and…

  • CVE-2021-31601 · Nov 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of…

Page 5 of 8