CVE-2021-35526 HIGH

Published: 2021-09-08 | Last Modified: 2024-11-21 | Status: Modified

Description

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

Additional Descriptions (1)

Se ha encontrado una vulnerabilidad de archivo de copia de seguridad sin cifrado en Hitachi ABB Power Grids System Data Manager - SDM600 que permite a un atacante conseguir acceso a información confidencial. Este problema afecta a: Hitachi ABB Power Grids System Data Manager - SDM600 versión 1.2 anteriores a FP2 HF6 (Build Nr. 1.2.14002.257)

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Base Score: 7.2 (HIGH)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector	LOCAL
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	COMPLETE
Integrity Impact	COMPLETE
Availability Impact	COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 10.0

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-312
[email protected]	Primary	en CWE-863

Affected Products

Vendor	Product	Version	Update	Type
hitachiabb-powergrids	sdm600_firmware	*	<built-in method update of dict object at 0x72a9cc7edf00>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachiabb-powergrids:sdm600_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:sdm600:-:::::::*`

References

https://search.abb.com/library/Download.aspx?utm_campaign=&utm_content=2021.08_5051_Cybersecurity%20Advisory%3A&utm_medium=email&utm_source=Eloqua&DocumentID=9AKK107992A4700&LanguageCode=en&DocumentPartId=&Action=Launch&elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c&elq=1bda419954724e908db108def16646a5&elqaid=3638&elqat=1&elqCampaignId=
Source: [email protected]

Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02
Source: [email protected]

Third Party Advisory US Government Resource
https://search.abb.com/library/Download.aspx?utm_campaign=&utm_content=2021.08_5051_Cybersecurity%20Advisory%3A&utm_medium=email&utm_source=Eloqua&DocumentID=9AKK107992A4700&LanguageCode=en&DocumentPartId=&Action=Launch&elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c&elq=1bda419954724e908db108def16646a5&elqaid=3638&elqat=1&elqCampaignId=
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource