Details of VAR-201310-0803

ID

VAR-201310-0803

TITLE

Unknown arbitrary command execution vulnerability in Hitachi JP1 / Base

Trust: 0.6

sources: CNVD: CNVD-2013-13472

DESCRIPTION

Hitachi JP1 is a solution that monitors the execution of business and centrally manages system content such as OS and applications. Hitachi JP1 / Base has an unknown vulnerability in processing messages sent by some hosts, allowing remote attackers to use the vulnerability to execute arbitrary commands. Hitachi JP1/Base is prone to an unspecified arbitrary command-execution vulnerability. Local attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application

Trust: 0.81

sources: CNVD: CNVD-2013-13472 // BID: 62753

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13472

AFFECTED PRODUCTS

vendor:	hitachi	model:	jp1/base	scope:	eq	version:	06-00	Trust: 1.5
vendor:	hitachi	model:	jp1/base	scope:	ne	version:	10-10	Trust: 1.5
vendor:	hitachi	model:	jp1/base	scope:	eq	version:	10-00	Trust: 1.2
vendor:	hitachi	model:	jp1/base	scope:	-	version:	-	Trust: 0.6
vendor:	hitachi	model:	jp1/base )	scope:	ne	version:	10-10	Trust: 0.6
vendor:	hitachi	model:	jp1/base )	scope:	eq	version:	10-00	Trust: 0.3
vendor:	hitachi	model:	jp1/base )	scope:	eq	version:	09-50	Trust: 0.3
vendor:	hitachi	model:	jp1/base	scope:	eq	version:	09-50	Trust: 0.3
vendor:	hitachi	model:	jp1/base )	scope:	eq	version:	07-00	Trust: 0.3
vendor:	hitachi	model:	jp1/base	scope:	eq	version:	07-00	Trust: 0.3

sources: CNVD: CNVD-2013-13472 // BID: 62753

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-13472
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2013-13472
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-13472

THREAT TYPE

local

Trust: 0.3

sources: BID: 62753

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 62753

PATCH

title:

Patch for Unknown arbitrary command execution vulnerability in Hitachi JP1 / Base

url:

https://www.cnvd.org.cn/patchinfo/show/39940

Trust: 0.6

sources: CNVD: CNVD-2013-13472

EXTERNAL IDS

db:	HITACHI	id:	HS13-022	Trust: 0.9
db:	BID	id:	62753	Trust: 0.9
db:	CNVD	id:	CNVD-2013-13472	Trust: 0.6

sources: CNVD: CNVD-2013-13472 // BID: 62753

REFERENCES

url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-022/index.html	Trust: 0.9
url:	http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs13-022/index.html	Trust: 0.6
url:	http://www.hds.com/products/storage-software/hitachi-device-manager.html	Trust: 0.3

sources: CNVD: CNVD-2013-13472 // BID: 62753

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62753

SOURCES

db:	CNVD	id:	CNVD-2013-13472
db:	BID	id:	62753

LAST UPDATE DATE

2022-05-17T02:10:39.122000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13472	date:	2013-10-09T00:00:00
db:	BID	id:	62753	date:	2013-09-30T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13472	date:	2013-10-09T00:00:00
db:	BID	id:	62753	date:	2013-09-30T00:00:00