Vulnerabilities > CVE-2021-35528 - Unspecified vulnerability in Hitachienergy products

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

hitachienergy

NVD

Published: 2021-11-17

Updated: 2022-04-25

Summary

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Hitachienergy Hitachienergy Counterparty Settlements AND Billing * Hitachienergy Retail Operations - Hitachienergy Retail Operations 5.7.2 Hitachienergy Retail Operations 5.7.3	4

Summary

Vulnerable Configurations

References