Vulnerabilities > Hitachienergy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-26 | CVE-2021-35533 | Improper Input Validation vulnerability in Hitachienergy Rtu500 Firmware 12.0/12.2/12.4 Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. | 7.5 |
2021-11-18 | CVE-2021-35534 | Improper Privilege Management vulnerability in Hitachienergy products Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. | 7.2 |
2021-11-18 | CVE-2021-35535 | Insecure Default Initialization of Resource vulnerability in Hitachienergy products Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. | 8.1 |
2021-11-17 | CVE-2021-35528 | Unspecified vulnerability in Hitachienergy products Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. | 7.1 |
2021-08-20 | CVE-2021-35529 | Insufficiently Protected Credentials vulnerability in Hitachienergy products Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. | 7.2 |
2021-07-14 | CVE-2021-35527 | Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. | 7.5 |
2021-06-14 | CVE-2021-26845 | Incorrect Authorization vulnerability in Hitachienergy Esoms Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. | 7.5 |
2021-06-14 | CVE-2021-27196 | Improper Input Validation vulnerability in Hitachienergy products Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. | 7.5 |
2020-04-29 | CVE-2019-5620 | Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada PRO Sys600 9.3 ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. | 9.8 |
2020-04-02 | CVE-2019-19097 | Inadequate Encryption Strength vulnerability in Hitachienergy Esoms ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. | 7.5 |