CVE-2021-35528

Published: Nov 17, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.

Affected (2)

Products: Hitachienergy: Counterparty Settlements And Billing, Retail Operations

2 products

Counterparty Settlements And Billing

Retail Operations

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hitachienergy Counterparty Settlements And Billing	Up to 5.7.3
Hitachienergy Retail Operations	Up to 5.7.3

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.