Vulnerabilities > Hitachienergy

DATE CVE VULNERABILITY TITLE RISK
2021-11-26 CVE-2021-35533 Improper Input Validation vulnerability in Hitachienergy Rtu500 Firmware 12.0/12.2/12.4
Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message.
network
low complexity
hitachienergy CWE-20
7.5
2021-11-18 CVE-2021-35534 Improper Privilege Management vulnerability in Hitachienergy products
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product.
network
low complexity
hitachienergy CWE-269
7.2
2021-11-18 CVE-2021-35535 Insecure Default Initialization of Resource vulnerability in Hitachienergy products
Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product.
network
high complexity
hitachienergy CWE-1188
8.1
2021-11-17 CVE-2021-35528 Unspecified vulnerability in Hitachienergy products
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file.
local
low complexity
hitachienergy
7.1
2021-08-20 CVE-2021-35529 Insufficiently Protected Credentials vulnerability in Hitachienergy products
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter.
network
low complexity
hitachienergy CWE-522
7.2
2021-07-14 CVE-2021-35527 Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser.
network
low complexity
hitachienergy CWE-522
7.5
2021-06-14 CVE-2021-26845 Incorrect Authorization vulnerability in Hitachienergy Esoms
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered.
network
low complexity
hitachienergy CWE-863
7.5
2021-06-14 CVE-2021-27196 Improper Input Validation vulnerability in Hitachienergy products
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds.
network
low complexity
hitachienergy CWE-20
7.5
2020-04-29 CVE-2019-5620 Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada PRO Sys600 9.3
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
network
low complexity
hitachienergy CWE-306
critical
9.8
2020-04-02 CVE-2019-19097 Inadequate Encryption Strength vulnerability in Hitachienergy Esoms
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers.
network
low complexity
hitachienergy CWE-326
7.5