
CVE-2021-27416 – Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM
https://notcve.org/view.php?id=CVE-2021-27416
11 Mar 2022 — An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-40333 – Weak default credential associated with TCP port 26
https://notcve.org/view.php?id=CVE-2021-40333
02 Dec 2021 — Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-521: Weak Password Requirements

CVE-2021-40334 – SSH activation problem in the proprietary management protocol (port TCP 5558)
https://notcve.org/view.php?id=CVE-2021-40334
02 Dec 2021 — Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-431: Missing Handler

CVE-2021-35533 – Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series
https://notcve.org/view.php?id=CVE-2021-35533
26 Nov 2021 — Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU on which the BCI is enabled to reboot when receiving a specially crafted message. By default, the BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CM... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation

CVE-2021-35534 – Insufficient Security Control Vulnerability
https://notcve.org/view.php?id=CVE-2021-35534
18 Nov 2021 — Insufficient security control vulnerability in the internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600: the product does not sufficiently restrict access to internal database tables, which could allow anybody with user credentials who successfully exploits this vulnerability to bypass security controls that are enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanen... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000058&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-269: Improper Privilege Management • CWE-274: Improper Handling of Insufficient Privileges

CVE-2021-35535 – Insufficient Security Control Vulnerability
https://notcve.org/view.php?id=CVE-2021-35535
18 Nov 2021 — Insecure Boot Image vulnerability in Hitachi Energy Relion 670/650/SAM600-IO series: there is a tiny time gap during the booting process in which an older version of VxWorks is loaded prior to application firmware booting. An attacker who manages to get access to the front network port and to cause a reboot sequence of the device could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hi... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000061&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-1188: Initialization of a Resource with an Insecure Default

CVE-2021-35528 – Authentication Bypass Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
https://notcve.org/view.php?id=CVE-2021-35528
17 Nov 2021 — Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-284: Improper Access Control

CVE-2021-22278 – Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool
https://notcve.org/view.php?id=CVE-2021-22278
28 Oct 2021 — A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on a computer which has PCM600 installed. • https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-295: Improper Certificate Validation

CVE-2021-35526 – Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Product
https://notcve.org/view.php?id=CVE-2021-35526
08 Sep 2021 — A backup file without encryption vulnerability found in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). • https://search.abb.com/library/Download.aspx?utm_campaign=&utm_content=2021.08_5051_Cybersecurity%20Advisory%3A&utm_medium=email&utm_source=Eloqua&DocumentID=9AKK107992A4700&LanguageCode=en&DocumentPartId=&Action=Launch&elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c&elq=1bda419954724e908db108def16646a5&elqaid=3638&elqat=1&elqCampaignId= • CWE-312: Cleartext Storage of Sensitive Information • CWE-863: Incorrect Authorization

CVE-2021-35529 – Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
https://notcve.org/view.php?id=CVE-2021-35529
20 Aug 2021 — Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-522: Insufficiently Protected Credentials