CVE-2021-35531— Remote Code Execution in TXpert Hub CoreTec 4

Remote Code Execution in TXpert Hub CoreTec 4

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

N/A

输入验证不恰当

Hitachi Energy TXpert Hub CoreTec 4 操作系统命令注入漏洞

Hitachi Energy TXpert Hub CoreTec 4是日本日立制作所（Hitachi）公司的一种数字变压器监控和诊断设备。 Hitachi Energy TXpert Hub CoreTec 4存在操作系统命令注入漏洞，该漏洞源于产品的特定配置设置字段中的不正确输入验证。攻击者利用该漏洞可以访问具有 ADMIN 或 ENGINEER 角色权限的授权用户来注入由系统执行的操作系统命令。

N/A

N/A