Vulnerabilities > CVE-2021-35526 - Incorrect Authorization vulnerability in Hitachiabb-Powergrids Sdm600 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

hitachiabb-powergrids

CWE-863

NVD

Published: 2021-09-08

Updated: 2023-05-16

Summary

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

Vulnerable Configurations

Part	Description	Count
OS	Hitachiabb-Powergrids Hitachiabb Powergrids Sdm600 Firmware *	1
Hardware	Hitachienergy Hitachienergy Sdm600 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://search.abb.com/library/Download.aspx?utm_campaign=&utm_content=2021.08_5051_Cybersecurity%20Advisory%3A&utm_medium=email&utm_source=Eloqua&DocumentID=9AKK107992A4700&LanguageCode=en&DocumentPartId=&Action=Launch&elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c&elq=1bda419954724e908db108def16646a5&elqaid=3638&elqat=1&elqCampaignId=
https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02