Nessus plugin: TENABLE_OT_ABB_CVE-2021-35535.NASL
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Mar 29, 2023 - 12:00 a.m.

Hitachi Energy Relion 670/650/SAM600-IO Initialization of a Resource with an Insecure Default (CVE-2021-35535)

www.tenable.com
Tags: hitachi energy, relion 670, relion 650, sam600-io, insecure boot, unauthorized access, denial-of-service, vxworks, cve-2021-35535, tenable.ot, scanner

AI Score: 8 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 58.4%)

An Insecure Boot Image vulnerability in the Hitachi Energy Relion 670/650/SAM600-IO series can be exploited by an attacker who manages to get access to the front network port and to cause a reboot sequence of the device. During the booting process there is a tiny time gap in which an older version of VxWorks is loaded prior to the application firmware booting; the attacker could exploit the vulnerability in that older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500935);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2021-35535");

  script_name(english:"Hitachi Energy Relion 670/650/SAM600-IO Initialization of a Resource with an Insecure Default (CVE-2021-35535)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Insecure Boot Image vulnerability in Hitachi Energy Relion Relion
670/650/SAM600-IO series allows an attacker who manages to get access
to the front network port and to cause a reboot sequences of the
device may exploit the vulnerability, where there is a tiny time gap
during the booting process where an older version of VxWorks is loaded
prior to application firmware booting, could exploit the vulnerability
in the older version of VxWorks and cause a denial-of-service on the
product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2
all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion
670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi
Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://search.abb.com/library/Download.aspx?DocumentID=8DBD000061&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?80bf28df");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-336-05");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Hitachi Energy recommends the following actions to mitigate this vulnerability:

- Relion 670/650 series Version 2.2.0: Upgrade to Version 2.2.5
- Relion 670/650/SAM600-IO series Version 2.2.1: Upgrade to Version 2.2.5
- Relion 670 series Version 2.2.2: Upgrade to Version 2.2.5
- Relion 670 series Version 2.2.3: Update to Revision 2.2.3.4 or upgrade to Version 2.2.5
- Relion 670/650 series Version 2.2.4: Upgrade to Version 2.2.5

Hitachi Energy recommends the following security practices and firewall configurations to help protect process control
networks from attacks that originate from outside the network:

- Physically protect process control systems from direct access by unauthorized personnel.
- Do not directly connect to the Internet.
- Separate from other networks by means of a firewall system that has a minimal number of ports exposed.
- Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. 
- Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a
control system.

Please see Hitachi Energy advisory 8DBD000061 for additional mitigation and update information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-35535");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(1188);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.2.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.2.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.2.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.3" :
        {"versionEndIncluding" : "2.2.3.3", "versionStartIncluding" : "2.2.3", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.0" :
        {"versionEndIncluding" : "2.2.0", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.1" :
        {"versionEndIncluding" : "2.2.1", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.2" :
        {"versionEndIncluding" : "2.2.2", "versionStartIncluding" : "2.2.2", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.4" :
        {"versionEndIncluding" : "2.2.4", "versionStartIncluding" : "2.2.4", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:2.2.0" :
        {"versionEndIncluding" : "2.2.0", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:2.2.1" :
        {"versionEndIncluding" : "2.2.1", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:2.2.4" :
        {"versionEndIncluding" : "2.2.4", "versionStartIncluding" : "2.2.4", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1" :
        {"versionEndIncluding" : "2.2.1", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| hitachienergy | relion_650_firmware | 2.2.0 | cpe:/o:hitachienergy:relion_650_firmware:2.2.0 |
| hitachienergy | relion_650_firmware | 2.2.1 | cpe:/o:hitachienergy:relion_650_firmware:2.2.1 |
| hitachienergy | relion_650_firmware | 2.2.4 | cpe:/o:hitachienergy:relion_650_firmware:2.2.4 |
| hitachienergy | relion_670_firmware | | cpe:/o:hitachienergy:relion_670_firmware |
| hitachienergy | relion_670_firmware | 2.2.0 | cpe:/o:hitachienergy:relion_670_firmware:2.2.0 |
| hitachienergy | relion_670_firmware | 2.2.1 | cpe:/o:hitachienergy:relion_670_firmware:2.2.1 |
| hitachienergy | relion_670_firmware | 2.2.2 | cpe:/o:hitachienergy:relion_670_firmware:2.2.2 |
| hitachienergy | relion_670_firmware | 2.2.4 | cpe:/o:hitachienergy:relion_670_firmware:2.2.4 |
| hitachienergy | relion_sam600-io_firmware | 2.2.1 | cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1 |
