CVE-2021-35534 — HIGH (7.2)

Vulnerability Description

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hitachienergy	Gms600 Firmware	1.2.0
Hitachienergy	Gms600	-
Hitachienergy	Relion 670 Firmware	All versions
Hitachienergy	Relion 670	-
Hitachienergy	Relion 650 Firmware	1.0.0
Hitachienergy	Relion 650	-
Hitachienergy	Relion Sam600-Io Firmware	2.2.1
Hitachienergy	Relion Sam600-Io	-
Hitachienergy	Pwc600 Firmware	1.0.1.0
Hitachienergy	Pwc600	-

Related Weaknesses (CWE)

CWE-274 CWE-269

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000058&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000059&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000060&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000058&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000059&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000060&LanguageCode=Vendor Advisory

FAQ

What is CVE-2021-35534?

CVE-2021-35534 is a vulnerability with a CVSS score of 7.2 (HIGH). Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this...

How severe is CVE-2021-35534?

CVE-2021-35534 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35534?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Gms600 Firmware, Hitachienergy Gms600, Hitachienergy Relion 670 Firmware, Hitachienergy Relion 670, Hitachienergy Relion 650 Firmware.