Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ABB_CVE-2021-35534.NASLHistoryMar 29, 2023 - 12:00 a.m.
Hitachi Energy GMS600, PWC600, and Relion Improper Access Control (CVE-2021-35534)
2023-03-2900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
hitachi energy
gms600
pwc600
relion
improper access control
cve-2021-35534
vulnerability
internal database
security controls
exploitation
unauthorized modifications
tenable.ot
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5.
Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500928);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2021-35534");
script_name(english:"Hitachi Energy GMS600, PWC600, and Relion Improper Access Control (CVE-2021-35534)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Insufficient security control vulnerability in internal database
access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion
650, GMS600, PWC600 allows attacker who successfully exploited this
vulnerability, of which the product does not sufficiently restrict
access to an internal database tables, could allow anybody with user
credentials to bypass security controls that is enforced by the
product. Consequently, exploitation may lead to unauthorized
modifications on data/firmware, and/or to permanently disabling the
product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all
revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5.
Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all
revisions; 2.2.4 all revisions; Hitachi Energy Relion
670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to
2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all
revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi
Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1
version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior
versions.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://search.abb.com/library/Download.aspx?DocumentID=8DBD000059&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0394acf5");
# https://search.abb.com/library/Download.aspx?DocumentID=8DBD000058&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02e84ace");
# https://search.abb.com/library/Download.aspx?DocumentID=8DBD000060&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3d892aa9");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-343-01");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Hitachi Energy recommends upgrading to the latest version of their software when it becomes available:
- Relion 670 series Version 2.2.3: Update to Version 2.2.3.5
- Relion 670/650/SAM600-IO series Version 2.2.5: Update to Version 2.2.5.2
- Relion 650 series Version 1.3: Update to Version 1.3.0.8
- Relion 650 series Version 1.2: Update to Version 1.3
- Relion 670 series Version 2.2.3 to 2.2.3.4: Update to Version 2.2.3.5
- Relion 670/650/SAM600-IO series Version 2.2.5 to revision 2.2.5.1: Update to Version 2.2.5.2
- Relion 670/650 series Version 2.1, all revisions: Update to Version 2.1.0.5
For other affected versions, please follow mitigation factors in Hitachi EnergyΓ’ΒΒs advisories. Hitachi Energy recommends
the following security practices and firewall configurations to help protect process control networks from attacks that
originate from outside the network: Physically protect process control systems from direct access by unauthorized
personnel.
- Do not directly connect to the Internet.
- Separate from other networks by means of a firewall system that has a minimal number of ports exposed.
- Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.
- Limit open database connectivity (ODBC) protocol for device configuration within the substation only.
- Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a
control system.
For additional information and support please contact your product provider or Hitachi Energy service organization. For
contact information, visit Hitachi Energy contact-centers.
Please see the Hitachi Energy PWC600, GMS600, and Relion advisories for additional mitigation and update information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-35534");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(269);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.0.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.1.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.2.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.3.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.1.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.2.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.2.4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.2.5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.0.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.1.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.5");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/ABB");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/ABB');
var asset = tenable_ot::assets::get(vendor:'ABB');
var vuln_cpes = {
"cpe:/o:hitachienergy:relion_670_firmware:2.0.0" :
{"versionEndIncluding" : "2.0.0", "versionStartIncluding" : "2.0.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.1.0" :
{"versionEndIncluding" : "2.1.0", "versionStartIncluding" : "2.1.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.0" :
{"versionEndIncluding" : "2.2.0", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.1" :
{"versionEndIncluding" : "2.2.1", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.2" :
{"versionEndIncluding" : "2.2.2", "versionStartIncluding" : "2.2.2", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.3" :
{"versionEndIncluding" : "2.2.3", "versionStartIncluding" : "2.2.3", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.4" :
{"versionEndIncluding" : "2.2.4", "versionStartIncluding" : "2.2.4", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.5" :
{"versionEndIncluding" : "2.2.5", "versionStartIncluding" : "2.2.5", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:1.0.0" :
{"versionEndIncluding" : "1.0.0", "versionStartIncluding" : "1.0.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:1.1.0" :
{"versionEndIncluding" : "1.1.0", "versionStartIncluding" : "1.1.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:1.2.0" :
{"versionEndIncluding" : "1.2.0", "versionStartIncluding" : "1.2.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:1.3.0" :
{"versionEndIncluding" : "1.3.0", "versionStartIncluding" : "1.3.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.1.0" :
{"versionEndIncluding" : "2.1.0", "versionStartIncluding" : "2.1.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.2.0" :
{"versionEndIncluding" : "2.2.0", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.2.1" :
{"versionEndIncluding" : "2.2.1", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.2.4" :
{"versionEndIncluding" : "2.2.4", "versionStartIncluding" : "2.2.4", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.2.5" :
{"versionEndIncluding" : "2.2.5", "versionStartIncluding" : "2.2.5", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1" :
{"versionEndIncluding" : "2.2.1", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.5" :
{"versionEndIncluding" : "2.2.5", "versionStartIncluding" : "2.2.5", "family" : "AbbRelion"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hitachienergy | relion_650_firmware | 1.0.0 | cpe:/o:hitachienergy:relion_650_firmware:1.0.0 |
| hitachienergy | relion_650_firmware | 1.1.0 | cpe:/o:hitachienergy:relion_650_firmware:1.1.0 |
| hitachienergy | relion_650_firmware | 1.2.0 | cpe:/o:hitachienergy:relion_650_firmware:1.2.0 |
| hitachienergy | relion_650_firmware | 1.3.0 | cpe:/o:hitachienergy:relion_650_firmware:1.3.0 |
| hitachienergy | relion_650_firmware | 2.1.0 | cpe:/o:hitachienergy:relion_650_firmware:2.1.0 |
| hitachienergy | relion_650_firmware | 2.2.0 | cpe:/o:hitachienergy:relion_650_firmware:2.2.0 |
| hitachienergy | relion_650_firmware | 2.2.1 | cpe:/o:hitachienergy:relion_650_firmware:2.2.1 |
| hitachienergy | relion_650_firmware | 2.2.4 | cpe:/o:hitachienergy:relion_650_firmware:2.2.4 |
| hitachienergy | relion_650_firmware | 2.2.5 | cpe:/o:hitachienergy:relion_650_firmware:2.2.5 |
| hitachienergy | relion_670_firmware | cpe:/o:hitachienergy:relion_670_firmware |
Related
cve
cve
CVE-2021-35534
2021-11-18 17:15:08
nvd
nvd
CVE-2021-35534
2021-11-18 17:15:08
cvelist
cvelist
CVE-2021-35534 Insufficient Security Control Vulnerability
2021-11-04 00:00:00
ics
ics
Hitachi Energy GMS600, PWC600, and Relion (Update A)
2021-12-09 12:00:00
prion
prion
Security feature bypass
2021-11-18 17:15:00
7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.4%
Related for TENABLE_OT_ABB_CVE-2021-35534.NASL