Lucene search

[email protected]CVE-2021-35526

HistorySep 08, 2021 - 4:15 p.m.

CVE-2021-35526

2021-09-0816:15:07

CWE-863

CWE-312

[email protected]

web.nvd.nist.gov

hitachi

abb

power grids

sdm600

cve-2021-35526

vulnerability

unauthorized access

nvd

encryption

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

Affected configurations

NVD

Node

hitachienergysdm600Match-

AND

hitachiabb-powergridssdm600_firmwareRange1.2–1.2.14002.257

CPENameOperatorVersion
hitachiabb-powergrids:sdm600_firmwarehitachiabb-powergrids sdm600 firmwarelt1.2.14002.257

CPE	Name	Operator	Version
hitachiabb-powergrids:sdm600_firmware	hitachiabb-powergrids sdm600 firmware	lt	1.2.14002.257

CNA Affected

[
  {
    "platforms": [
      "prior to Build Nr. 1.2.14002.257"
    ],
    "product": "System Data Manager – SDM600",
    "vendor": "Hitachi ABB Power Grids",
    "versions": [
      {
        "lessThan": "FP2 HF6",
        "status": "affected",
        "version": "1.2",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?utm_campaign=&utm_content=2021.08_5051_Cybersecurity%20Advisory%3A&utm_medium=email&utm_source=Eloqua&DocumentID=9AKK107992A4700&LanguageCode=en&DocumentPartId=&Action=Launch&elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c&elq=1bda419954724e908db108def16646a5&elqaid=3638&elqat=1&elqCampaignId=

us-cert.cisa.gov/ics/advisories/icsa-21-250-02

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVE-2021-35526

ics1 prion1 cnvd1 cvelist1 nvd1