All CISA Advisories, EN

Hitachi Energy Asset Suite

2025-10-09 18:10

1. EXECUTIVE SUMMARY

CVSS v4 6.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Asset Suite
Vulnerability: Improper Output Neutralization for Logs

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in the manipulation of content or the injection of data with the potential of carrying out further malicious attacks.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Asset Suite are affected:

Asset Suite: Versions 9.7 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER OUTPUT NEUTRALIZATION FOR LOGS CWE-117

A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while resolving application performance related issues.

CVE-2025-10217 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-10217. A base score of 6.0 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOY

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Hitachi Energy Asset Suite

Share this:
Facebook
X
LinkedIn

Related

Tags: All CISA Advisories EN

Post navigation

← Rockwell Automation Lifecycle Services with Cisco

Rockwell Automation Stratix →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware October 9, 2025

USENIX 2025: PEPR ’25 – OneShield Privacy Guard: Deployable Privacy Solutions for LLMs October 9, 2025

IT Security News Hourly Summary 2025-10-09 21h : 2 posts October 9, 2025

Linode Kubernetes Engine Optimization: Save on Compute, Storage, and Networking October 9, 2025

Chaos Emerges as Faster, Smarter, and More Dangerous Ransomware October 9, 2025

Data-Leak Sites Hit an All-Time High With New Scattered Spider RaaS and LockBit 5.0 October 9, 2025

New Polymorphic Python Malware Repeatedly Mutate its Appearance at Every Execution Time October 9, 2025

Hackers Upgraded ClickFix Attack With Cache Smuggling to Secretly Download Malicious Files October 9, 2025

Fake VPN and streaming app drops malware that drains your bank account October 9, 2025

What CISOs should know about DeepSeek cybersecurity risks October 9, 2025

Rethinking DDoS Defense: Why Scale Isn’t the Only Metric That Matters October 9, 2025

Why don’t we sit around this computer console and have a sing-along? October 9, 2025

Apple Took Down These ICE-Tracking Apps. The Developers Aren’t Giving Up October 9, 2025

From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware October 9, 2025

New research from VerifyLabs.AI highlights the nation’s fears when it comes to deepfakes October 9, 2025

Pro-Russian hacking group snared by Forescout Vedere Labs honeypot October 9, 2025

China Sentences 11 Individuals to Death Over Massive Cross-Border Scam Network October 9, 2025

Microsoft Stops Phishing Scam Which Used Gen-AI Codes to Fool Victims October 9, 2025

Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware October 9, 2025

Apple Took Down ICE-Tracking Apps. Their Developers Aren’t Giving Up October 9, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}