Vulnerabilities > CVE-2021-35535 - Insecure Default Initialization of Resource vulnerability in Hitachi products

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

hitachi

CWE-1188

NVD

Published: 2021-11-18

Updated: 2021-11-24

Summary

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.

Vulnerable Configurations

Part	Description	Count
OS	Hitachi Hitachi Relion 670 Firmware 2.2.0 Hitachi Relion 670 Firmware 2.2.1 Hitachi Relion 670 Firmware 2.2.2 Hitachi Relion 670 Firmware 2.2.3 Hitachi Relion 670 Firmware 2.2.3.3 Hitachi Relion 670 Firmware 2.2.4 Hitachi Relion 650 Firmware 2.2.0 Hitachi Relion 650 Firmware 2.2.1 Hitachi Relion 650 Firmware 2.2.4 Hitachi Relion Sam600 IO Firmware 2.2.1	10
Hardware	Hitachi Hitachi Relion 670 - Hitachi Relion 650 - Hitachi Relion Sam600 IO -	3

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000061&LanguageCode=en&DocumentPartId=&Action=Launch