SB2023111013 - Multiple vulnerabilities in Hitachi Energy eSOMS



Published: November 10, 2023

Security Bulletin ID: SB2023111013
Severity: Medium
Patch available: NO
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Information Exposure Through an Error Message (CVE-ID: CVE-2023-5514)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because response messages returned by eSOMS report generation for certain parameter queries include the full file path. A remote attacker can gain unauthorized access to sensitive information on the system.


2) Information disclosure (CVE-ID: CVE-2023-5515)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because responses to web queries with certain parameters disclose the internal path of resources. A remote attacker can gain unauthorized access to sensitive information on the system.


3) Information disclosure (CVE-ID: CVE-2023-5516)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because poorly constructed web application requests and URI components with special characters trigger unhandled errors and exceptions. A remote attacker can gain unauthorized access to sensitive information on the system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
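
With no vendor fix listed, one compensating check is to inspect response bodies at a proxy or in captured traffic for the three leak classes described above: full file paths, internal resource paths, and unhandled exception output. This is an added example, not code from Hitachi Energy or Cybersecurity Help; the patterns, URLs and sample bodies are constructed assumptions, and the POSIX path pattern generalises beyond what the bulletin states.

```python
import re

# Constructed heuristics for the leak classes the bulletin describes;
# assumptions for illustration, not vendor-supplied signatures.
LEAK_PATTERNS = {
    "windows_path": re.compile(r"(?<![A-Za-z])[A-Za-z]:\\(?:[\w.$-]+\\)*[\w.$-]+"),
    # Lookbehind skips path-like segments that are part of a URL.
    "posix_path": re.compile(r"(?<![\w:/.])/(?:var|opt|srv|home|usr|etc)/[\w./-]+"),
    "exception": re.compile(
        r"^\s*at [\w.<>$]+\(|Traceback \(most recent call last\)|\b\w+Exception\b",
        re.M),
}


def find_leaks(body):
    """Return sorted (kind, matched_text) pairs found in an HTTP response body."""
    hits = set()
    for kind, pattern in LEAK_PATTERNS.items():
        for m in pattern.finditer(body):
            hits.add((kind, m.group(0).strip()))
    return sorted(hits)


def redact_paths(body):
    """Replace filesystem paths so a filtering proxy can pass the response on."""
    for kind in ("windows_path", "posix_path"):
        body = LEAK_PATTERNS[kind].sub("[path removed]", body)
    return body


def triage(responses):
    """Map request URL -> leak kinds, skipping responses with no findings."""
    report = {}
    for url, body in responses:
        kinds = sorted({kind for kind, _ in find_leaks(body)})
        if kinds:
            report[url] = kinds
    return report


# Constructed sample responses (hypothetical URLs and paths, not real eSOMS output).
SAMPLES = [
    ("/reports/generate?id=1", "Report ready. Download from the reports page."),
    ("/reports/generate?tpl=x", r"Could not load D:\Apps\Reports\tpl\x.rpt"),
    ("/query?res=%7B", "System.NullReferenceException: Object reference not set\n"
                       r"   at App.Query.Run(String res) in C:\src\Query.cs:line 42"),
    ("/help", "See https://example.com/usr/guide for the user guide."),
]
```

Calling `triage(SAMPLES)` flags only the two responses that leak; the clean response and the one containing an ordinary URL are not reported.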