CVE-2023-4816 MEDIUM

Vendor Hitachi Energy
Product Asset Suite 9
Weakness CWE-287 · Improper authentication
Published September 11, 2023
Last update September 25, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L

What the vulnerability does

01 Description

A vulnerability exists in the Equipment Tag Out authentication when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite the arbitrary password entered in the confirmation box, the system will execute the selected holder action.

Key dates

02 Disclosure timeline

September 11, 2023 CVE published
September 25, 2024 Record updated