Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2035 vulnerabilities reference this CWE, most recent first.

CVE-2023-5042 (GCVE-0-2023-5042)

Vulnerability from cvelistv5 – Published: 2023-09-20 11:03 – Updated: 2026-04-10 13:15
VLAI
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40713 (semver)
Create a notification for this product.
Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
Create a notification for this product.
Credits
@tkoyeung (https://hackerone.com/tkoyeung)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SEC-5330",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security-advisory.acronis.com/advisories/SEC-5330"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5042",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T15:12:39.963610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T15:12:51.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect Home Office",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "40713",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis True Image OEM",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42575",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "@tkoyeung (https://hackerone.com/tkoyeung)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T13:15:14.654Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-5330",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-5330"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2023-5042",
    "datePublished": "2023-09-20T11:03:34.796Z",
    "dateReserved": "2023-09-18T12:18:29.150Z",
    "dateUpdated": "2026-04-10T13:15:14.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4706 (GCVE-0-2023-4706)

Vulnerability from cvelistv5 – Published: 2023-11-08 21:59 – Updated: 2024-08-02 07:37
VLAI
Summary
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Lenovo 1Lenovo Preload Directory Affected: Refer to Mitigation strategy section in LEN-127385
Create a notification for this product.
Credits
Lenovo thanks Steven Pritchard for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:37:59.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-127385"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "1Lenovo Preload Directory",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "Refer to Mitigation strategy section in LEN-127385"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lenovo thanks Steven Pritchard for reporting this issue. "
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nA privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-08T21:59:24.521Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-127385"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Refer to Mitigation strategy section in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-127385\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-127385\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "Refer to Mitigation strategy section in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-127385 \n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2023-4706",
    "datePublished": "2023-11-08T21:59:24.521Z",
    "dateReserved": "2023-09-01T12:24:23.166Z",
    "dateUpdated": "2024-08-02T07:37:59.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4664 (GCVE-0-2023-4664)

Vulnerability from cvelistv5 – Published: 2023-09-15 08:38 – Updated: 2026-05-21 12:24
VLAI
Title
Privilage Escalation in Saphira Connect
Summary
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Saphira Saphira Connect Affected: 0 , < 9 (custom)
Create a notification for this product.
Date Public
2023-09-15 08:30
Credits
Efe OZEL Omer YILMAZ Fordefence
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.usom.gov.tr/bildirim/tr-23-0535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Saphira Connect",
          "vendor": "Saphira",
          "versions": [
            {
              "lessThan": "9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Efe OZEL"
        },
        {
          "lang": "en",
          "type": "analyst",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Omer YILMAZ"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Fordefence"
        }
      ],
      "datePublic": "2023-09-15T08:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.\u003cp\u003eThis issue affects Saphira Connect: before 9.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.\n\nThis issue affects Saphira Connect: before 9."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-21T12:24:59.708Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-23-0535"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0535"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the software to \u0026gt;=v.9"
            }
          ],
          "value": "Update the software to \u003e=v.9"
        }
      ],
      "source": {
        "advisory": "TR-23-0535",
        "defect": [
          "TR-23-0535"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Privilage Escalation in Saphira Connect",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2023-4664",
    "datePublished": "2023-09-15T08:38:09.957Z",
    "dateReserved": "2023-08-31T07:41:46.554Z",
    "dateUpdated": "2026-05-21T12:24:59.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4091 (GCVE-0-2023-4091)

Vulnerability from cvelistv5 – Published: 2023-11-03 07:56 – Updated: 2025-11-20 18:27
VLAI
Title
Samba: smb clients can truncate files with read-only permissions
Summary
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.6-2.el8_9 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::crb
    cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.15.5-13.el8_6 , < * (rpm)
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
    cpe:/a:redhat:rhel_eus:8.6::crb
    cpe:/a:redhat:rhel_eus:8.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.17.5-4.el8_8 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.8::appstream
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::crb
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:4.18.6-101.el9_3 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/a:redhat:enterprise_linux:9::resilientstorage
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:4.15.5-111.el9_0 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.0::resilientstorage
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:4.17.5-104.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::appstream
    cpe:/a:redhat:rhel_eus:9.2::crb
    cpe:/o:redhat:rhel_eus:9.2::baseos
    cpe:/a:redhat:rhel_eus:9.2::resilientstorage
Create a notification for this product.
Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.15.5-13.el8_6 , < * (rpm)
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
    cpe:/a:redhat:rhel_eus:8.6::crb
    cpe:/a:redhat:rhel_eus:8.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Storage 3     cpe:/a:redhat:storage:3
Create a notification for this product.
Date Public
2023-10-10 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4091",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T16:18:12.014053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:11.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:11.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:6209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6209"
          },
          {
            "name": "RHSA-2023:6744",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6744"
          },
          {
            "name": "RHSA-2023:7371",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7371"
          },
          {
            "name": "RHSA-2023:7408",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7408"
          },
          {
            "name": "RHSA-2023:7464",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7464"
          },
          {
            "name": "RHSA-2023:7467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7467"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-4091"
          },
          {
            "name": "RHBZ#2241882",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241882"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=15439"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2023-4091.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-2.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-2.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/a:redhat:rhel_eus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-13.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream",
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.17.5-4.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-101.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-101.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::resilientstorage",
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-111.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream",
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.17.5-104.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/a:redhat:rhel_eus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-13.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba4",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:storage:3"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Storage 3",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-10-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module \"acl_xattr\" is configured with \"acl_xattr:ignore system acls = yes\". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba\u0027s permissions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:27:17.162Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:6209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6209"
        },
        {
          "name": "RHSA-2023:6744",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6744"
        },
        {
          "name": "RHSA-2023:7371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7371"
        },
        {
          "name": "RHSA-2023:7408",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7408"
        },
        {
          "name": "RHSA-2023:7464",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7464"
        },
        {
          "name": "RHSA-2023:7467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7467"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-4091"
        },
        {
          "name": "RHBZ#2241882",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241882"
        },
        {
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=15439"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2023-4091.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-03T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Samba: smb clients can truncate files with read-only permissions",
      "workarounds": [
        {
          "lang": "en",
          "value": "The vulnerability is most commonly associated with the \"acl_xattr\" module and can be mitigated by setting:\n~~~\n\"acl_xattr:ignore system acls = no\"\n~~~"
        }
      ],
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-4091",
    "datePublished": "2023-11-03T07:56:35.611Z",
    "dateReserved": "2023-08-02T09:43:21.439Z",
    "dateUpdated": "2025-11-20T18:27:17.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4088 (GCVE-0-2023-4088)

Vulnerability from cvelistv5 – Published: 2023-09-20 02:26 – Updated: 2024-09-24 18:27
VLAI
Title
Malicious Code Execution Vulnerability in FA Engineering Software Products
Summary
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation GX Works3 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation AL-PCS/WIN-E Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CPU Module Logging Configuration Tool Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation EZSocket Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation FR Configurator2 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation FX Configurator-EN Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation FX Configurator-EN-L Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation FX Configurator-FP Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation GT Designer3 Version1(GOT1000) Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation GT Designer3 Version1(GOT2000) Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation GT SoftGOT1000 Version3 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation GT SoftGOT2000 Version1 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation GX LogViewer Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation GX Works2 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSOFT FieldDeviceConfigurator Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSOFT iQ AppPortal Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSOFT MaiLab Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSOFT Navigator Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSOFT Update Manager Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MX Component Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MX Sheet Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation PX Developer Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation RT ToolBox3 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation RT VisualBox Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation Data Transfer Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation Data Transfer Classic Affected: all versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:12.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU96447193/index.html"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T18:27:00.307770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T18:27:11.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GX Works3",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AL-PCS/WIN-E",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CPU Module Logging Configuration Tool",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EZSocket",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FR Configurator2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FX Configurator-EN",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FX Configurator-EN-L",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FX Configurator-FP",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GT Designer3 Version1(GOT1000)",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GT Designer3 Version1(GOT2000)",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GT SoftGOT1000 Version3",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GT SoftGOT2000 Version1",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GX LogViewer",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GX Works2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSOFT FieldDeviceConfigurator",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSOFT iQ AppPortal",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSOFT MaiLab",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSOFT Navigator",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSOFT Update Manager",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX Component",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX Sheet",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PX Developer",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RT ToolBox3",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RT VisualBox",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Data Transfer",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Data Transfer Classic",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder."
            }
          ],
          "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Malicious Code Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-04T09:16:28.950Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU96447193/index.html"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Malicious Code Execution Vulnerability in FA Engineering Software Products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-4088",
    "datePublished": "2023-09-20T02:26:43.901Z",
    "dateReserved": "2023-08-02T04:52:49.923Z",
    "dateUpdated": "2024-09-24T18:27:11.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3440 (GCVE-0-2023-3440)

Vulnerability from cvelistv5 – Published: 2023-10-03 01:05 – Updated: 2024-08-02 06:55
VLAI
Title
File and Directory Permission Vulnerability in JP1/Performance Management
Summary
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Hitachi JP1/Performance Management - Manager Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-10 , < 12-10-08 (custom)
Affected: 12-50 , < 12-50-07 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Base Affected: 09-00 , ≤ 10-50-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Application Server Affected: 11-00 , < 11-50-16 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Enterprise Applications Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for HiRDB Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for IBM Lotus Domino Affected: 10-00 , < 11-50-16 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Microsoft(R) SQL Server Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-50 , < 12-50-07 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Oracle Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-10 , < 12-10-08 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Platform Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-50 , < 12-50-07 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Service Response Affected: 09-00 , < 11-50-16 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Transaction System Affected: 11-00 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-50 , < 12-50-07 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Remote Monitor for Oracle Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-10 , < 12-10-08 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Remote Monitor for Platform Affected: 09-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-10 , < 12-10-08 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Remote Monitor for Virtual Machine Affected: 10-00 , < 11-50 (custom)
Affected: 11-50 , < 11-50-16 (custom)
Affected: 12-00 , < 12-00-14 (custom)
Affected: 12-10 , < 12-10-08 (custom)
Affected: 12-50 , < 12-50-07 (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Domino Affected: 09-00 , ≤ 09-00-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for IBM WebSphere Application Server Affected: 09-00 , ≤ 10-00-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for IBM WebSphere MQ Affected: 09-00 , ≤ 10-00-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for JP1/AJS3 Affected: 09-00 , ≤ 10-00-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for OpenTP1 Affected: 09-00 , ≤ 10-00-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Oracle WebLogic Server Affected: 09-00 , ≤ 10-00-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for uCosminexus Application Server Affected: 09-00 , ≤ 10-00-* (custom)
Create a notification for this product.
Hitachi JP1/Performance Management - Agent Option for Virtual Machine Affected: 09-00 , ≤ 09-01-* (custom)
Create a notification for this product.
Credits
Taku Toyama Masaya Suzuki
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Manager",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-10-08",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-10-08",
              "status": "affected",
              "version": "12-10",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-50-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-50-07",
              "status": "affected",
              "version": "12-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Base",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-50-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Application Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Enterprise Applications",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for HiRDB",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for IBM Lotus Domino",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "10-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Microsoft(R) SQL Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-50-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-50-07",
              "status": "affected",
              "version": "12-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Oracle",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-10-08",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-10-08",
              "status": "affected",
              "version": "12-10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Platform",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-50-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-50-07",
              "status": "affected",
              "version": "12-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Service Response",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Transaction System",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-50-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-50-07",
              "status": "affected",
              "version": "12-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Remote Monitor for Oracle",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-10-08",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-10-08",
              "status": "affected",
              "version": "12-10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Remote Monitor for Platform",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-10-08",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-10-08",
              "status": "affected",
              "version": "12-10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Remote Monitor for Virtual Machine",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThan": "11-50",
              "status": "affected",
              "version": "10-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11-50-16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11-50-16",
              "status": "affected",
              "version": "11-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-00-14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-00-14",
              "status": "affected",
              "version": "12-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-10-08",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-10-08",
              "status": "affected",
              "version": "12-10",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-50-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-50-07",
              "status": "affected",
              "version": "12-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Domino",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "09-00-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for IBM WebSphere Application Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-00-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for IBM WebSphere MQ",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-00-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for JP1/AJS3",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-00-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for OpenTP1",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-00-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Oracle WebLogic Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-00-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for uCosminexus Application Server",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-00-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/Performance Management - Agent Option for Virtual Machine",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "09-01-*",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Taku Toyama"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Masaya Suzuki"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.\u003cp\u003eThis issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before\u0026nbsp; 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before\u0026nbsp; 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before\u00a0 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before\u00a0 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-03T01:05:42.803Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2023-145",
        "discovery": "EXTERNAL"
      },
      "title": "File and Directory Permission Vulnerability in JP1/Performance Management",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2023-3440",
    "datePublished": "2023-10-03T01:05:42.803Z",
    "dateReserved": "2023-06-28T09:03:01.678Z",
    "dateUpdated": "2024-08-02T06:55:03.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3323 (GCVE-0-2023-3323)

Vulnerability from cvelistv5 – Published: 2023-07-24 17:17 – Updated: 2024-10-18 13:02
VLAI
Title
Code Execution through overwriting project file on zenon engineering studio system
Summary
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
ABB
Impacted products
Vendor Product Version
ABB ABB Ability™ zenon Affected: 11 build , ≤ 11 build 106404 (custom)
Create a notification for this product.
Date Public
2023-07-23 18:30
Credits
ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:02.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3323",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T13:00:08.154446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T13:02:35.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ABB Ability\u2122 zenon",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "11 build 106404",
              "status": "affected",
              "version": "11 build ",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks Noam Moshe of Claroty Research - Team82, for helping to identify the vulnerabilities and protecting our customers."
        }
      ],
      "datePublic": "2023-07-23T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\u003cbr\u003e\u003cp\u003eThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nA vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted\nprograms to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.\nThis issue affects ABB Ability\u2122 zenon: from 11 build through 11 build 106404.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T17:17:09.348Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001801\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.194142766.2067879716.1690216773-1911411808.1686627590"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": " Code Execution through overwriting project file on zenon engineering studio system",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3323, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.  Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.  Install the IIoT services, which is, the Service grid component on a separate system.  Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.  Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.  Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\n\n\nABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors.\n\u2022 For CVE-2023-3323, Recommended practices include that process control systems are physically protected,\nhave no direct connections to the Internet, and are separated from other networks by\nmeans of a firewall system that has a minimal number of ports exposed.  Remove the default directory permissions for \u2018Everyone\u2019 on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are\nexpected to access zenon.  Install the IIoT services, which is, the Service grid component on a separate system.  Secure the ZEE600 related executable files in \u2018C:\\ProgramData\\ABB\\ABBUtilities\u2019 directory by removing the group named \u201cEveryone\u201d.  Ensure the group name \u201cEveryone\u201d should be removed from the following directory.\n\u2018C:\\ProgramData\\ABB\u2019.  Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has\nthe users to use zenon projects. Consider the following example:\n\nExample: A user group named \u2018zenonOwnersGroup\u2019 to be created and it is the only\ngroup that has write access to the zenon_ Projects directory. If the system has 2 users\nsuch as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The\nproject directory (C:\\Users\\Public\\Documents\\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write\naccess the zenon_Project directory and test2 should not.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2023-3323",
    "datePublished": "2023-07-24T17:17:09.348Z",
    "dateReserved": "2023-06-19T15:47:21.374Z",
    "dateUpdated": "2024-10-18T13:02:35.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3116 (GCVE-0-2023-3116)

Vulnerability from cvelistv5 – Published: 2023-11-20 11:44 – Updated: 2024-08-29 20:48
VLAI
Title
Liteos-A has a incorrect default permissions vulnerability
Summary
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
OpenHarmony OpenHarmony Affected: v3.2.0 , ≤ v3.2.2 (custom)
Create a notification for this product.
Date Public
2023-12-05 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:07.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3116",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T13:48:47.307043Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T20:48:35.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenHarmony",
          "vendor": "OpenHarmony",
          "versions": [
            {
              "lessThanOrEqual": "v3.2.2",
              "status": "affected",
              "version": "v3.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-12-05T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through  incorrect default permissions."
            }
          ],
          "value": "in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through  incorrect default permissions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-20T11:44:26.409Z",
        "orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
        "shortName": "OpenHarmony"
      },
      "references": [
        {
          "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Liteos-A has a incorrect default permissions vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
    "assignerShortName": "OpenHarmony",
    "cveId": "CVE-2023-3116",
    "datePublished": "2023-11-20T11:44:26.409Z",
    "dateReserved": "2023-06-06T06:29:14.227Z",
    "dateUpdated": "2024-08-29T20:48:35.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3112 (GCVE-0-2023-3112)

Vulnerability from cvelistv5 – Published: 2023-10-24 20:31 – Updated: 2024-09-12 14:33
VLAI
Summary
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Lenovo Elliptic Labs Virtual Lock Sensor Affected: All versions prior to 3.1.50719.1
Create a notification for this product.
Lenovo AI Virtual Presence Sensor Affected: All versions prior to 3.1.50719.1
Create a notification for this product.
lenovo thinkpad_t14_gen_3 Affected: 0 , ≤ 3.1.50719.1 (custom)
    cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:07.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkpad_t14_gen_3",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThanOrEqual": "3.1.50719.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T14:17:52.903048Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T14:33:21.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Labs Virtual Lock Sensor",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 3.1.50719.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AI Virtual Presence Sensor",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 3.1.50719.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."
            }
          ],
          "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T20:31:09.667Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-128081\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2023-3112",
    "datePublished": "2023-10-24T20:31:09.667Z",
    "dateReserved": "2023-06-05T19:13:51.840Z",
    "dateUpdated": "2024-09-12T14:33:21.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2737 (GCVE-0-2023-2737)

Vulnerability from cvelistv5 – Published: 2023-08-16 15:45 – Updated: 2024-10-01 18:19
VLAI
Title
Improper securing of log directory may allow a denial of service
Summary
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Thales SafeNet Authtentication Service Agent Affected: SafeNet Authentication Service Agent , < 3.6.1 (3.6.0)
Create a notification for this product.
Credits
Florian Hansemann, https://hansesecure.de
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=08f460ba47bba550c0e42e61e36d432f\u0026sysparm_article=KB0027485"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2737",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T18:13:42.811602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T18:19:57.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "SafeNet Authtentication Service Agent",
          "vendor": "Thales",
          "versions": [
            {
              "lessThan": "3.6.1",
              "status": "affected",
              "version": "SafeNet Authentication Service Agent ",
              "versionType": "3.6.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Florian Hansemann, https://hansesecure.de"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper log permissions in SafeNet Authentication Service\u0026nbsp;Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.\u003cbr\u003e"
            }
          ],
          "value": "Improper log permissions in SafeNet Authentication Service\u00a0Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-16T15:45:29.540Z",
        "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "shortName": "THA-PSIRT"
      },
      "references": [
        {
          "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=08f460ba47bba550c0e42e61e36d432f\u0026sysparm_article=KB0027485"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper securing of log directory may allow a denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
    "assignerShortName": "THA-PSIRT",
    "cveId": "CVE-2023-2737",
    "datePublished": "2023-08-16T15:45:29.540Z",
    "dateReserved": "2023-05-16T13:48:23.279Z",
    "dateUpdated": "2024-10-01T18:19:57.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.