CVE-2021-35530 — MEDIUM (6.0)

Vulnerability Description

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Hitachienergy	Txpert Hub Coretec 4 Firmware	2.0.0
Hitachienergy	Txpert Hub Coretec 4	-

Related Weaknesses (CWE)

CWE-288

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=Vendor Advisory

FAQ

What is CVE-2021-35530?

CVE-2021-35530 is a vulnerability with a CVSS score of 6.0 (MEDIUM). A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthor...

How severe is CVE-2021-35530?

CVE-2021-35530 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35530?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Txpert Hub Coretec 4 Firmware, Hitachienergy Txpert Hub Coretec 4.