CVE-2023-4816

CVSS V2 None CVSS V3 None

Description

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.

Overview

CVE ID
CVE-2023-4816

Assigner
Hitachi Energy

Vulnerability Status
PUBLISHED

Published Version
2023-09-11T07:40:46.735Z

Last Modified Date
2023-11-01T01:53:57.383Z

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html

References

Reference URL	Reference Tags
https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-4816
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4816

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 20:02:04				Added to TrackCVE