CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18253

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile17.10th
PublishedNov 27, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.

Affected Platforms (CPE)

πŸ’»
Hitachienergy

Relion 670 Firmware

< 1p1r26
πŸ’»
Hitachienergy

Relion 670 Firmware

>= 1.2 and < 1.2.3.17
πŸ’»
Hitachienergy

Relion 670 Firmware

>= 2.0 and < 2.0.0.10
πŸ’»
Hitachienergy

Relion 670 Firmware

>= 2.1 and < 2.1.0.1

References & Advisories

πŸ”— https://www.us-cert.gov/ics/advisories/icsa-19-330-01
πŸ”— https://www.us-cert.gov/ics/advisories/icsa-19-330-01

Related Vulnerabilities

CVE-2021-355358.1

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get a...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...