IronMonkey Threat Research

CVE-2021-35529 HIGH

Published: 2021-08-20 | Last Modified: 2024-11-21 | Status: Modified

Description

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.

Additional Descriptions (1)

An Insufficiently Protected Credentials vulnerability in the client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product, and access or alter it. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.

CVSS Metrics

Base Score: 7.2 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.2

Impact Score: 5.9

Base Score: 6.5 (MEDIUM)

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.0

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Secondary en CWE-522
[email protected] Primary en CWE-522

Affected Products

Vendor Product Version Update Type
hitachienergy counterparty_settlement_and_billing * * Application
hitachienergy retail_operations * * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachienergy:counterparty_settlement_and_billing:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:retail_operations:*:*:*:*:*:*:*:*