CVE-2020-36652 MEDIUM

CVE-2020-36652: File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

Vendor Hitachi

Product Hitachi Automation Director

Weakness CWE-276

Published February 28, 2023

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

6.6/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

Key dates

02Disclosure timeline

February 28, 2023 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-36652 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/276.html

Related vulnerabilities

Identifiers

CVE CVE-2020-36652

CWE CWE-276

CVSS 6.6 / MEDIUM

Affected versions

Vendor Hitachi

Product Hitachi Automation Director

Affected ≥ 8.2.0-00 and ≤ 10.6.1-00

Vendor Hitachi

Product Hitachi Infrastructure Analytics Advisor

Affected ≥ 2.0.0-00 and ≤ 4.0.0-00

Vendor Hitachi

Product Hitachi Ops Center Automator

Affected < 10.9.1-00

Vendor Hitachi

Product Hitachi Ops Center Analyzer

Affected < 10.9.1-00

Vendor Hitachi

Product Hitachi Ops Center Viewpoint

Affected < 10.9.1-00

CVE-2020-36652: File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

01Description

02Disclosure timeline

03References

04Related CVE