CVE-2023-2621

MEDIUM

Hitachi Energy Modular Advanced Control for HVDC 5.0-7.16.9.9 - Arbitrary File Write via ZIP Upload

Title source: llm

Description

The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint.

References (1)

Core 1

Core References

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true

Scores

CVSS v3 6.5

EPSS 0.0049

EPSS Percentile 38.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

hitachienergy/modular_advanced_control_for_hvdc 5.0 - 7.17.0.0

Published Nov 01, 2023

Tracked Since Feb 18, 2026