Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-40340 (GCVE-0-2021-40340)
Vulnerability from cvelistv5 – Published: 2022-01-28 19:09 – Updated: 2024-09-17 02:11
VLAI
EPSS
Title
OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product
Summary
Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
Severity
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_CONFIRM |
Date Public
2021-12-23 00:00
Credits
Hitachi Energy thanks the following for working with us to help protect our customers: Compañía Minera Doña Inés de Collahuasi SCM.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hitachi Energy thanks the following for working with us to help protect our customers: Compa\u00f1\u00eda Minera Do\u00f1a In\u00e9s de Collahuasi SCM."
}
],
"datePublic": "2021-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:57.000Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "For each version, apply security patch or update to LinkOne v3.27"
}
],
"source": {
"discovery": "USER"
},
"title": "OWASP Related Vulnerabilities in Hitachi Energy\u2019s LinkOne Product",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2021-12-23T17:00:00.000Z",
"ID": "CVE-2021-40340",
"STATE": "PUBLIC",
"TITLE": "OWASP Related Vulnerabilities in Hitachi Energy\u2019s LinkOne Product"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hitachi Energy thanks the following for working with us to help protect our customers: Compa\u00f1\u00eda Minera Do\u00f1a In\u00e9s de Collahuasi SCM."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "For each version, apply security patch or update to LinkOne v3.27"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-40340",
"datePublished": "2022-01-28T19:09:57.381Z",
"dateReserved": "2021-08-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:11:03.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-40340",
"date": "2026-06-11",
"epss": "0.00307",
"percentile": "0.54334"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-40340\",\"sourceIdentifier\":\"cybersecurity@hitachienergy.com\",\"published\":\"2022-01-28T20:15:11.307\",\"lastModified\":\"2024-11-21T06:23:54.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en la aplicaci\u00f3n Hitachi Energy LinkOne, debido a una configuraci\u00f3n inapropiada en el servidor ASP se expone informaci\u00f3n del servidor y de ASP.net, un atacante que consiga explotar esta vulnerabilidad puede usar la informaci\u00f3n expuesta como reconocimiento para su posterior explotaci\u00f3n. Este problema afecta a: Hitachi Energy LinkOne versiones 3.20; 3.22; 3.23; 3.24; 3.25; 3.26\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:linkone:3.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A16D152-D43D-4142-9233-537641563DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:linkone:3.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CAD5EC3-8E95-4B92-92F8-D9D6E869736A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:linkone:3.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74EFFBDC-AC66-41B4-B2DA-B3800FADCDDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:linkone:3.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41AC7B8C-4C18-4E79-96FA-E52FF81377E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:linkone:3.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AA20569-CB37-404F-B459-2C5CD4C3C44D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:linkone:3.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B91F1986-443B-4802-8D20-FFD8B7FE7322\"}]}]}],\"references\":[{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"cybersecurity@hitachienergy.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2021-40340
Vulnerability from fkie_nvd - Published: 2022-01-28 20:15 - Updated: 2024-11-21 06:23
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachi:linkone:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2A16D152-D43D-4142-9233-537641563DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachi:linkone:3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAD5EC3-8E95-4B92-92F8-D9D6E869736A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachi:linkone:3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "74EFFBDC-AC66-41B4-B2DA-B3800FADCDDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachi:linkone:3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "41AC7B8C-4C18-4E79-96FA-E52FF81377E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachi:linkone:3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA20569-CB37-404F-B459-2C5CD4C3C44D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachi:linkone:3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B91F1986-443B-4802-8D20-FFD8B7FE7322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en la aplicaci\u00f3n Hitachi Energy LinkOne, debido a una configuraci\u00f3n inapropiada en el servidor ASP se expone informaci\u00f3n del servidor y de ASP.net, un atacante que consiga explotar esta vulnerabilidad puede usar la informaci\u00f3n expuesta como reconocimiento para su posterior explotaci\u00f3n. Este problema afecta a: Hitachi Energy LinkOne versiones 3.20; 3.22; 3.23; 3.24; 3.25; 3.26"
}
],
"id": "CVE-2021-40340",
"lastModified": "2024-11-21T06:23:54.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-28T20:15:11.307",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-C776-RV55-Q779
Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-02-04 00:00
VLAI
Details
Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
{
"affected": [],
"aliases": [
"CVE-2021-40340"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-28T20:15:00Z",
"severity": "HIGH"
},
"details": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.",
"id": "GHSA-c776-rv55-q779",
"modified": "2022-02-04T00:00:42Z",
"published": "2022-01-29T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40340"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2021-40340
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-40340",
"description": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.",
"id": "GSD-2021-40340"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-40340"
],
"details": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.",
"id": "GSD-2021-40340",
"modified": "2023-12-13T01:23:25.455869Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2021-12-23T17:00:00.000Z",
"ID": "CVE-2021-40340",
"STATE": "PUBLIC",
"TITLE": "OWASP Related Vulnerabilities in Hitachi Energy\u2019s LinkOne Product"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hitachi Energy thanks the following for working with us to help protect our customers: Compa\u00f1\u00eda Minera Do\u00f1a In\u00e9s de Collahuasi SCM."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "eng",
"value": "For each version, apply security patch or update to LinkOne v3.27"
}
],
"source": {
"discovery": "USER"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachi:linkone:3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:linkone:3.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:linkone:3.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:linkone:3.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:linkone:3.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:linkone:3.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"ID": "CVE-2021-40340"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-02-03T17:37Z",
"publishedDate": "2022-01-28T20:15Z"
}
}
}
ICSA-22-088-03
Vulnerability from csaf_cisa - Published: 2022-03-29 00:00 - Updated: 2022-03-29 00:00Summary
Hitachi Energy LinkOne WebView
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to modify a victim 's system files or information, disclose application full path, disclose sensitive information to an unauthorized actor, and launch a common web attack.
Critical infrastructure sectors: Multiple Sectors
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Exploitability: No known public exploits specifically target these vulnerabilities. These vulnerabilities have a high attack complexity.
4.2 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LinkOne WebView: v3.25
Hitachi Energy / LinkOne WebView
|
3.25 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.23
Hitachi Energy / LinkOne WebView
|
3.23 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.22
Hitachi Energy / LinkOne WebView
|
3.22 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.24
Hitachi Energy / LinkOne WebView
|
3.24 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.26
Hitachi Energy / LinkOne WebView
|
3.26 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.20
Hitachi Energy / LinkOne WebView
|
3.2 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
CWE-209
- Generation of Error Message Containing Sensitive Information
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LinkOne WebView: v3.25
Hitachi Energy / LinkOne WebView
|
3.25 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.23
Hitachi Energy / LinkOne WebView
|
3.23 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.22
Hitachi Energy / LinkOne WebView
|
3.22 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.24
Hitachi Energy / LinkOne WebView
|
3.24 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.26
Hitachi Energy / LinkOne WebView
|
3.26 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.20
Hitachi Energy / LinkOne WebView
|
3.2 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
CWE-693
- Protection Mechanism Failure
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LinkOne WebView: v3.25
Hitachi Energy / LinkOne WebView
|
3.25 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.23
Hitachi Energy / LinkOne WebView
|
3.23 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.22
Hitachi Energy / LinkOne WebView
|
3.22 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.24
Hitachi Energy / LinkOne WebView
|
3.24 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.26
Hitachi Energy / LinkOne WebView
|
3.26 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.20
Hitachi Energy / LinkOne WebView
|
3.2 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LinkOne WebView: v3.25
Hitachi Energy / LinkOne WebView
|
3.25 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.23
Hitachi Energy / LinkOne WebView
|
3.23 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.22
Hitachi Energy / LinkOne WebView
|
3.22 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.24
Hitachi Energy / LinkOne WebView
|
3.24 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.26
Hitachi Energy / LinkOne WebView
|
3.26 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
LinkOne WebView: v3.20
Hitachi Energy / LinkOne WebView
|
3.2 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
References
11 references
Acknowledgments
Compañía Minera Doña Inés de Collahuasi SCM
{
"document": {
"acknowledgments": [
{
"organization": "Compa\u00f1\u00eda Minera Do\u00f1a In\u00e9s de Collahuasi SCM",
"summary": "reporting these vulnerabilities to Hitachi Energy"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to modify a victim \u0027s system files or information, disclose application full path, disclose sensitive information to an unauthorized actor, and launch a common web attack.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple Sectors",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities have a high attack complexity.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-088-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-088-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-088-03 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-088-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Hitachi Energy LinkOne WebView",
"tracking": {
"current_release_date": "2022-03-29T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-088-03",
"initial_release_date": "2022-03-29T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-03-29T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-088-03 Hitachi Energy LinkOne WebView"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.25",
"product": {
"name": "LinkOne WebView: v3.25",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "LinkOne WebView"
},
{
"branches": [
{
"category": "product_version",
"name": "3.23",
"product": {
"name": "LinkOne WebView: v3.23",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "LinkOne WebView"
},
{
"branches": [
{
"category": "product_version",
"name": "3.22",
"product": {
"name": "LinkOne WebView: v3.22",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "LinkOne WebView"
},
{
"branches": [
{
"category": "product_version",
"name": "3.24",
"product": {
"name": "LinkOne WebView: v3.24",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "LinkOne WebView"
},
{
"branches": [
{
"category": "product_version",
"name": "3.26",
"product": {
"name": "LinkOne WebView: v3.26",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "LinkOne WebView"
},
{
"branches": [
{
"category": "product_version",
"name": "3.2",
"product": {
"name": "LinkOne WebView: v3.20",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "LinkOne WebView"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-40337",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Multiple stored XSS vulnerabilities exist in the LinkOne application, allowing multiple web attacks and the theft of sensitive information.CVE-2021-40337 has been assigned to these vulnerabilities. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy recommends applying the available security patch or updating LinkOne to v3.27. Contact Hitachi Energy for more information on applying the security patch or updating LinkOne to v3.27",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us"
},
{
"category": "mitigation",
"details": "Recommended security practices and firewall configurations can help protect the application from attacks that originate from outside the network. Such practices include physically protecting the application from direct access by unauthorized personnel, having no direct connections to the Internet. For the end-user of the application, it is recommended to use the latest browser when accessing the LinkOne application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more information, review Hitachi Energy\u0027s security advisory 8DBD000079",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Additional recommendation is to follow the hardening guidelines published by The Center for Internet Security (CIS) to protect the host Operating System on which the LinkOne is hosted.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.cisecurity.org/about-us/"
},
{
"category": "mitigation",
"details": "For additional information and support please contact your product provider or Hitachi Energy service.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2021-40338",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "When an error happens during the query operation in the application due to a misconfiguration in the web server configuration file, debug mode in LinkOne application is activated and shows the full path of the directory.CVE-2021-40338 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40338"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy recommends applying the available security patch or updating LinkOne to v3.27. Contact Hitachi Energy for more information on applying the security patch or updating LinkOne to v3.27",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us"
},
{
"category": "mitigation",
"details": "Recommended security practices and firewall configurations can help protect the application from attacks that originate from outside the network. Such practices include physically protecting the application from direct access by unauthorized personnel, having no direct connections to the Internet. For the end-user of the application, it is recommended to use the latest browser when accessing the LinkOne application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more information, review Hitachi Energy\u0027s security advisory 8DBD000079",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Additional recommendation is to follow the hardening guidelines published by The Center for Internet Security (CIS) to protect the host Operating System on which the LinkOne is hosted.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.cisecurity.org/about-us/"
},
{
"category": "mitigation",
"details": "For additional information and support please contact your product provider or Hitachi Energy service.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2021-40339",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "The LinkOne application is lacking HTTP Headers, allowing an attacker to retrieve sensitive information.CVE-2021-40339 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40339"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy recommends applying the available security patch or updating LinkOne to v3.27. Contact Hitachi Energy for more information on applying the security patch or updating LinkOne to v3.27",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us"
},
{
"category": "mitigation",
"details": "Recommended security practices and firewall configurations can help protect the application from attacks that originate from outside the network. Such practices include physically protecting the application from direct access by unauthorized personnel, having no direct connections to the Internet. For the end-user of the application, it is recommended to use the latest browser when accessing the LinkOne application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more information, review Hitachi Energy\u0027s security advisory 8DBD000079",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Additional recommendation is to follow the hardening guidelines published by The Center for Internet Security (CIS) to protect the host Operating System on which the LinkOne is hosted.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.cisecurity.org/about-us/"
},
{
"category": "mitigation",
"details": "For additional information and support please contact your product provider or Hitachi Energy service.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2021-40340",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Misconfiguration in the ASP server causes server and ASP.net information to be shown. An attacker can use this information as a reconnaissance for further exploitation.CVE-2021-40340 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40340"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy recommends applying the available security patch or updating LinkOne to v3.27. Contact Hitachi Energy for more information on applying the security patch or updating LinkOne to v3.27",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us"
},
{
"category": "mitigation",
"details": "Recommended security practices and firewall configurations can help protect the application from attacks that originate from outside the network. Such practices include physically protecting the application from direct access by unauthorized personnel, having no direct connections to the Internet. For the end-user of the application, it is recommended to use the latest browser when accessing the LinkOne application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more information, review Hitachi Energy\u0027s security advisory 8DBD000079",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Additional recommendation is to follow the hardening guidelines published by The Center for Internet Security (CIS) to protect the host Operating System on which the LinkOne is hosted.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.cisecurity.org/about-us/"
},
{
"category": "mitigation",
"details": "For additional information and support please contact your product provider or Hitachi Energy service.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://www.hitachienergy.com/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…