Lucene search

[email protected]CVE-2021-35534

HistoryNov 18, 2021 - 5:15 p.m.

CVE-2021-35534

2021-11-1817:15:08

CWE-269

CWE-274

[email protected]

web.nvd.nist.gov

cve-2021-35534

hitachi

energy

relion

670

650

sam600-io

database

security

vulnerability

access

control

exploitation

unauthorized modifications

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.4%

JSON

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.

Affected configurations

NVD

Node

hitachienergygms600_firmwareMatch1.2.0

hitachienergygms600_firmwareMatch1.3.0

hitachienergygms600_firmwareMatch1.3.1.0

AND

hitachienergygms600Match-

Node

hitachienergyrelion_670_firmware

hitachienergyrelion_670_firmwareMatch2.0.0

hitachienergyrelion_670_firmwareMatch2.1.0

hitachienergyrelion_670_firmwareMatch2.2.0

hitachienergyrelion_670_firmwareMatch2.2.1

hitachienergyrelion_670_firmwareMatch2.2.2

hitachienergyrelion_670_firmwareMatch2.2.3

hitachienergyrelion_670_firmwareMatch2.2.4

hitachienergyrelion_670_firmwareMatch2.2.5

AND

hitachienergyrelion_670Match-

Node

hitachienergyrelion_650_firmwareMatch1.0.0

hitachienergyrelion_650_firmwareMatch1.1.0

hitachienergyrelion_650_firmwareMatch1.2.0

hitachienergyrelion_650_firmwareMatch1.3.0

hitachienergyrelion_650_firmwareMatch2.1.0

hitachienergyrelion_650_firmwareMatch2.2.0

hitachienergyrelion_650_firmwareMatch2.2.1

hitachienergyrelion_650_firmwareMatch2.2.4

hitachienergyrelion_650_firmwareMatch2.2.5

AND

hitachienergyrelion_650Match-

Node

hitachienergyrelion_sam600-io_firmwareMatch2.2.1

hitachienergyrelion_sam600-io_firmwareMatch2.2.5

AND

hitachienergyrelion_sam600-ioMatch-

Node

hitachienergypwc600_firmwareMatch1.0.1.0

hitachienergypwc600_firmwareMatch1.0.1.1

hitachienergypwc600_firmwareMatch1.0.1.3

hitachienergypwc600_firmwareMatch1.0.1.4

hitachienergypwc600_firmwareMatch1.1.0.0

hitachienergypwc600_firmwareMatch1.1.0.1

AND

hitachienergypwc600Match-

CPENameOperatorVersion
hitachienergy:gms600_firmwarehitachienergy gms600 firmwareeq1.2.0
hitachienergy:gms600_firmwarehitachienergy gms600 firmwareeq1.3.0
hitachienergy:gms600_firmwarehitachienergy gms600 firmwareeq1.3.1.0

CPE	Name	Operator	Version
hitachienergy:gms600_firmware	hitachienergy gms600 firmware	eq	1.2.0
hitachienergy:gms600_firmware	hitachienergy gms600 firmware	eq	1.3.0
hitachienergy:gms600_firmware	hitachienergy gms600 firmware	eq	1.3.1.0

CNA Affected

[
  {
    "product": "Relion 670 Series",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "2.0 all revisions"
      },
      {
        "status": "affected",
        "version": "2.2.2 all revisions"
      },
      {
        "lessThan": "2.2.3.5",
        "status": "affected",
        "version": "2.2.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Relion 670/650 Series",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.0 all revisions"
      },
      {
        "status": "affected",
        "version": "2.2.4 all revisions"
      },
      {
        "status": "affected",
        "version": "2.1 all revisions"
      }
    ]
  },
  {
    "product": "Relion 670/650/SAM600-IO",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.1 all revisions"
      },
      {
        "lessThan": "2.2.5.2",
        "status": "affected",
        "version": "2.2.5",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Relion 650",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "1.1 all revisions"
      },
      {
        "status": "affected",
        "version": "1.2 all revisions"
      },
      {
        "status": "affected",
        "version": "1.0 all revisions"
      },
      {
        "lessThan": "1.3.0.8",
        "status": "affected",
        "version": "1.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "GMS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.0"
      },
      {
        "status": "affected",
        "version": "1.3.1.0 1.3.0.1"
      },
      {
        "status": "affected",
        "version": "1.2.0"
      }
    ]
  },
  {
    "product": "PWC600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1.4",
        "status": "affected",
        "version": "1.0.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.1.0.1",
        "status": "affected",
        "version": "1.1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=8DBD000058&LanguageCode=en&DocumentPartId=&Action=Launch

search.abb.com/library/Download.aspx?DocumentID=8DBD000059&LanguageCode=en&DocumentPartId=&Action=Launch

search.abb.com/library/Download.aspx?DocumentID=8DBD000060&LanguageCode=en&DocumentPartId=&Action=Launch

Social References

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.4%

JSON

Related for CVE-2021-35534

nvd1 cvelist1 ics1 nessus1 prion1