CVE-2021-35529 - OpenCVE

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachienergy	Counterparty Settlement And Billing Retail Operations

Configuration 1 [-]

OR	cpe:2.3:a:hitachienergy:counterparty_settlement_and_billing::::::::
	cpe:2.3:a:hitachienergy:retail_operations::::::::

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch
https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2021-08-20T17:35:56.110359Z

Updated: 2024-09-17T02:20:38.762Z

Reserved: 2021-06-28T00:00:00

Link: CVE-2021-35529

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-20T18:15:07.900

Modified: 2023-05-16T20:09:00.503

Link: CVE-2021-35529

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["prior to Build Nr. 1.2.14002.257"], "product": "Retail Operations", "vendor": "Hitachi ABB Power Grids", "versions": [{"lessThanOrEqual": "5.7.2", "status": "affected", "version": "5.7.2", "versionType": "custom"}]}, {"product": "Counterparty Settlement and Billing (CSB)", "vendor": "Hitachi ABB Power Grids", "versions": [{"lessThanOrEqual": "5.7.2", "status": "affected", "version": "5.7.2", "versionType": "custom"}]}], "datePublic": "2021-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-08T16:40:20", "orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"}], "solutions": [{"lang": "en", "value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3"}], "source": {"discovery": "USER"}, "title": "Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@hitachi-powergrids.com", "DATE_PUBLIC": "2021-08-05T13:00:00.000Z", "ID": "CVE-2021-35529", "STATE": "PUBLIC", "TITLE": "Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Retail Operations", "version": {"version_data": [{"platform": "prior to Build Nr. 1.2.14002.257", "version_affected": "<=", "version_name": "5.7.2", "version_value": "5.7.2"}]}}, {"product_name": "Counterparty Settlement and Billing (CSB)", "version": {"version_data": [{"version_affected": "<=", "version_name": "5.7.2", "version_value": "5.7.2"}]}}]}, "vendor_name": "Hitachi ABB Power Grids"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522 Insufficiently Protected Credentials"}]}]}, "references": {"reference_data": [{"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "CONFIRM", "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "CONFIRM", "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02", "refsource": "CONFIRM", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"}]}, "solution": [{"lang": "en", "value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3"}], "source": {"discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:40:46.754Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"}]}]}, "cveMetadata": {"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "assignerShortName": "Hitachi Energy", "cveId": "CVE-2021-35529", "datePublished": "2021-08-20T17:35:56.110359Z", "dateReserved": "2021-06-28T00:00:00", "dateUpdated": "2024-09-17T02:20:38.762Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:counterparty_settlement_and_billing:*:*:*:*:*:*:*:*", "matchCriteriaId": "40412B88-CA4D-4D4C-8C09-2A341FFDDBE3", "versionEndExcluding": "5.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:retail_operations:*:*:*:*:*:*:*:*", "matchCriteriaId": "71570D1E-D89C-46B0-B486-5F9D890881F4", "versionEndExcluding": "5.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de Credenciales Insuficientemente Protegidas en el entorno del cliente de Hitachi ABB Power Grids Retail Operations y Counterparty Settlement Billing (CSB) permite a un atacante o a un usuario no autorizado acceder a las credenciales de la base de datos, cerrar el producto y acceder a \u00e9l o alterarlo. Este problema afecta a: Hitachi ABB Power Grids Retail Operations versi\u00f3n 5.7.2 y versiones anteriores. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) versi\u00f3n 5.7.2 y versiones anteriores."}], "id": "CVE-2021-35529", "lastModified": "2023-05-16T20:09:00.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.8, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2021-08-20T18:15:07.900", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "cybersecurity@hitachienergy.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}