Lucene search

K
nvd[email protected]NVD:CVE-2021-35531
HistoryJun 07, 2022 - 9:15 p.m.

CVE-2021-35531

2022-06-0721:15:14
CWE-20
CWE-78
web.nvd.nist.gov
2
improper input validation
hitachi energy
txpert hub
os command injection
cve-2021-35531
version 2.2.1
security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

13.1%

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Affected configurations

Nvd
Node
hitachienergytxpert_hub_coretec_4_firmwareMatch2.0.0
OR
hitachienergytxpert_hub_coretec_4_firmwareMatch2.0.1
OR
hitachienergytxpert_hub_coretec_4_firmwareMatch2.1.0
OR
hitachienergytxpert_hub_coretec_4_firmwareMatch2.1.1
OR
hitachienergytxpert_hub_coretec_4_firmwareMatch2.1.2
OR
hitachienergytxpert_hub_coretec_4_firmwareMatch2.1.3
OR
hitachienergytxpert_hub_coretec_4_firmwareMatch2.2.0
OR
hitachienergytxpert_hub_coretec_4_firmwareMatch2.2.1
AND
hitachienergytxpert_hub_coretec_4Match-
VendorProductVersionCPE
hitachienergytxpert_hub_coretec_4_firmware2.0.0cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4_firmware2.0.1cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4_firmware2.1.0cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4_firmware2.1.1cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4_firmware2.1.2cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4_firmware2.1.3cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4_firmware2.2.0cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4_firmware2.2.1cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:*
hitachienergytxpert_hub_coretec_4-cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

13.1%

Related for NVD:CVE-2021-35531