CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-18253

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile17.10th
Published2019年11月27日
Last Modified2024年11月21日

Vulnerability Description

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.

Affected Platforms (CPE)

💻
Hitachienergy

Relion 670 Firmware

< 1p1r26
💻
Hitachienergy

Relion 670 Firmware

>= 1.2 and < 1.2.3.17
💻
Hitachienergy

Relion 670 Firmware

>= 2.0 and < 2.0.0.10
💻
Hitachienergy

Relion 670 Firmware

>= 2.1 and < 2.1.0.1

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsa-19-330-01
🔗 https://www.us-cert.gov/ics/advisories/icsa-19-330-01

相关漏洞威胁

CVE-2021-355358.1

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get a...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...