CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35528 – Authentication Bypass Vulnerability Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
https://notcve.org/view.php?id=CVE-2021-35528
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions. Una vulnerabilidad de control de acceso inapropiado en la autenticación y autorización de la aplicación de Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) permite a un atacante ejecutar un archivo JAR Java Applet firmado modificado. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-284: Improper Access Control •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35529 – Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
https://notcve.org/view.php?id=CVE-2021-35529
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions. Una vulnerabilidad de Credenciales Insuficientemente Protegidas en el entorno del cliente de Hitachi ABB Power Grids Retail Operations y Counterparty Settlement Billing (CSB) permite a un atacante o a un usuario no autorizado acceder a las credenciales de la base de datos, cerrar el producto y acceder a él o alterarlo. Este problema afecta a: Hitachi ABB Power Grids Retail Operations versión 5.7.2 y versiones anteriores. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02 • CWE-522: Insufficiently Protected Credentials •