CVE-2021-22278 – Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool
https://notcve.org/view.php?id=CVE-2021-22278
A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on a computer that has PCM600 installed. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-295: Improper Certificate Validation
CVE-2021-35526 – Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Product
https://notcve.org/view.php?id=CVE-2021-35526
An unencrypted backup file vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). • https://search.abb.com/library/Download.aspx?utm_campaign=&utm_content=2021.08_5051_Cybersecurity%20Advisory%3A&utm_medium=email&utm_source=Eloqua&DocumentID=9AKK107992A4700&LanguageCode=en&DocumentPartId=&Action=Launch&elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c&elq=1bda419954724e908db108def16646a5&elqaid=3638&elqat=1&elqCampaignId= https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02 • CWE-312: Cleartext Storage of Sensitive Information • CWE-863: Incorrect Authorization
CVE-2021-35529 – Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
https://notcve.org/view.php?id=CVE-2021-35529
An Insufficiently Protected Credentials vulnerability in the client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02 • CWE-522: Insufficiently Protected Credentials
CVE-2021-35527 – Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application
https://notcve.org/view.php?id=CVE-2021-35527
A password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials
CVE-2021-26845 – eSOMS Report Function Vulnerability
https://notcve.org/view.php?id=CVE-2021-26845
An Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8942&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-863: Incorrect Authorization