Rewterz

Rewterz Threat Advisory – ICS: Hitachi Energy Asset Suite Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-4816

Hitachi Energy Asset Suite could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Equipment Tag Out authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to perform an Equipment Tag Out holder action for another user and enter an arbitrary password in the holder action confirmation dialog box.

Impact

  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-4816

Affected Vendors

Hitachi

Affected Products

  • Hitachi Energy Asset Suite 9.6.3.11.1
  • Hitachi Energy Asset Suite 9.6.4

Remediation

Refer to Hitachi Energy PSIRT for patch, upgrade or suggested workaround information.

Hitachi Energy PSIR
