CVE-2023-4816 - OpenCVE

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hitachienergy	Asset Suite

Configuration 1 [-]

OR	cpe:2.3:a:hitachienergy:asset_suite::::::::
	cpe:2.3:a:hitachienergy:asset_suite:9.6.4:::::::*

References

Link	Resource
https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2023-09-11T07:40:46.735Z

Updated: 2023-11-01T01:53:57.383Z

Reserved: 2023-09-07T07:02:56.867Z

Link: CVE-2023-4816

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-11T08:15:07.917

Modified: 2023-09-13T14:35:05.177

Link: CVE-2023-4816

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4816", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2023-09-07T07:02:56.867Z", "datePublished": "2023-09-11T07:40:46.735Z", "dateUpdated": "2023-11-01T01:53:57.383Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Asset Suite 9", "vendor": "Hitachi Energy", "versions": [{"lessThanOrEqual": "9.6.3.11.1", "status": "affected", "version": "9.6.3.11.0", "versionType": "custom"}, {"status": "affected", "version": "9.6.4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action."}], "value": "A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2023-11-01T01:53:57.383Z"}, "references": [{"url": "https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:asset_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAC84DA0-C8A5-433E-A812-7E182295CD06", "versionEndIncluding": "9.6.3.11.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:asset_suite:9.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "6D04B485-9331-43B1-A8D9-4C245E20738A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action."}, {"lang": "es", "value": "Existe una vulnerabilidad en la autenticaci\u00f3n de Etiquetado de Equipos, cuando se configura con Inicio de Sesi\u00f3n \u00danico con validaci\u00f3n de contrase\u00f1a en T214. Esta vulnerabilidad puede ser explotada por un usuario autenticado que realiza una acci\u00f3n de titular de Etiquetado de Equipo (Aceptar, Liberar y Borrar) para otro usuario e ingresa una contrase\u00f1a arbitraria en el cuadro de di\u00e1logo de confirmaci\u00f3n de la acci\u00f3n del titular. A pesar de ingresar una contrase\u00f1a arbitraria en el cuadro de confirmaci\u00f3n, el sistema ejecutar\u00e1 la acci\u00f3n del titular seleccionado."}], "id": "CVE-2023-4816", "lastModified": "2023-09-13T14:35:05.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 4.7, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2023-09-11T08:15:07.917", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}