Lucene search

Hitachi EnergyCVE-2021-35528

HistoryNov 17, 2021 - 6:15 p.m.

CVE-2021-35528

2021-11-1718:15:08

CWE-284

Hitachi Energy

web.nvd.nist.gov

cve-2021-35528

improper access control

hitachi energy

retail operations

csb

data extraction

data modification

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.

Affected configurations

Nvd

Node

hitachienergycounterparty_settlements_and_billingRange≤5.7.3

hitachienergyretail_operationsRange≤5.7.3

VendorProductVersionCPE
hitachienergycounterparty_settlements_and_billing*cpe:2.3:a:hitachienergy:counterparty_settlements_and_billing:*:*:*:*:*:*:*:*
hitachienergyretail_operations*cpe:2.3:a:hitachienergy:retail_operations:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	counterparty_settlements_and_billing	*	cpe:2.3:a:hitachienergy:counterparty_settlements_and_billing::::::::
hitachienergy	retail_operations	*	cpe:2.3:a:hitachienergy:retail_operations::::::::

CNA Affected

[
  {
    "product": "Retail Operations",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThan": "5.7.3.1",
        "status": "affected",
        "version": "5.7.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Counterparty Settlement and Billing (CSB)",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThan": "5.7.3.1",
        "status": "affected",
        "version": "5.7.3",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch

search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-35528