Vulnerabilities > Hitachienergy

DATE CVE VULNERABILITY TITLE RISK
2022-03-11 CVE-2021-27414 Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Ellipse Enterprise Asset Management
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.
network
low complexity
hitachienergy CWE-1021
6.1
2022-03-11 CVE-2021-27416 Cross-site Scripting vulnerability in Hitachienergy Ellipse Enterprise Asset Management
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser.
network
low complexity
hitachienergy CWE-79
5.4
2021-12-02 CVE-2021-40333 Weak Password Requirements vulnerability in Hitachienergy Fox615 Firmware and Xcm20 Firmware
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration.
network
low complexity
hitachienergy CWE-521
5.5
2021-12-02 CVE-2021-40334 Unspecified vulnerability in Hitachienergy Fox615 Firmware and Xcm20 Firmware
Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication.
network
low complexity
hitachienergy
5.0
2021-11-26 CVE-2021-35533 Improper Input Validation vulnerability in Hitachienergy Rtu500 Firmware 12.0/12.2/12.4
Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU on which the BCI is enabled to reboot when it receives a specially crafted message.
network
low complexity
hitachienergy CWE-20
7.5
2021-11-17 CVE-2021-35528 Unspecified vulnerability in Hitachienergy products
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file.
local
low complexity
hitachienergy
3.6
2021-08-20 CVE-2021-35529 Insufficiently Protected Credentials vulnerability in Hitachienergy products
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter.
network
low complexity
hitachienergy CWE-522
7.2
2021-07-14 CVE-2021-35527 Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser.
network
low complexity
hitachienergy CWE-522
7.5
2021-06-14 CVE-2021-26845 Incorrect Authorization vulnerability in Hitachienergy Esoms
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered.
network
low complexity
hitachienergy CWE-863
7.5
2021-06-14 CVE-2021-27196 Improper Input Validation vulnerability in Hitachienergy products
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds.
network
low complexity
hitachienergy CWE-20
7.5