CVE-2021-40334 HIGH

Published: 2021-12-02 | Last Modified: 2024-11-21 | Status: Modified

Description

Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

Additional Descriptions (1)

Una vulnerabilidad de Manejo Faltante en el protocolo de administración propietario (puerto TCP 5558) de Hitachi Energy FOX61x, XCM20 permite que un atacante que explote la vulnerabilidad al activar SSH en el puerto TCP 5558 para causar una interrupción en la comunicación del NMS y NE. Este problema afecta a: Hitachi Energy FOX61x versiones anteriores a la R15A. Hitachi Energy XCM20 versiones anteriores a la R15A

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-431
[email protected]	Primary	en NVD-CWE-Other

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	fox615_firmware	*	<built-in method update of dict object at 0x72a999779ec0>	Operating System
hitachienergy	xcm20_firmware	*	<built-in method update of dict object at 0x72a999778fc0>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:fox615_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:fox615:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:xcm20_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:xcm20:-:::::::*`

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]

Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]

Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062&LanguageCode=en&DocumentPartId=&Action=Launch
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069&LanguageCode=en&DocumentPartId=&Action=Launch
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory