Txpert HUB Coretec 4 Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-21	CVE-2022-3353	Improper Resource Shutdown or Release vulnerability in Hitachienergy products A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:::::::* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:::::::* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:::::::* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:::::::* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:::::::* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:::::::* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:::::::* * cpe:2.3:a:hitachienergy:gms600:1.3.0:::::::* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.::::::: * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.::::::: * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:::::::* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:::::::* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:::::::* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:::::::* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:::::::* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.::::::: * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:::::::* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:::::::* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.::::::: * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:::::::* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:::::::* * cpe:2.3:a:hitachienergy:mms:2.2.3:::::::* * cpe:2.3:a:hitachienergy:pwc600:1.0:::::::* * cpe:2.3:a:hitachienergy:pwc600:1.1:::::::* * cpe:2.3:a:hitachienergy:pwc600:1.2:::::::* * cpe:2.3:o:hitachienergy:reb500:7:::::::: * cpe:2.3:o:hitachienergy:reb500:8:::::::* * cpe:2.3:o:hitachienergy:relion670:1.2.::::::: * cpe:2.3:o:hitachienergy:relion670:2.0.::::::: * cpe:2.3:o:hitachienergy:relion650:1.1.::::::: * cpe:2.3:o:hitachienergy:relion650:1.3.::::::: * cpe:2.3:o:hitachienergy:relion650:2.1.::::::: * cpe:2.3:o:hitachienergy:relion670:2.1.::::::: * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:::::::* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:::::::* * cpe:2.3:o:hitachienergy:relion670:2.2.::::::: * cpe:2.3:o:hitachienergy:relion650:2.2.::::::: * cpe:2.3:o:hitachienergy:rtu500cmu:12..:::::::* * cpe:2.3:a:hitachienergy:rtu500cmu:13..:::::::* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.::::::: * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:::::::* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:::::::* network low complexity hitachienergy CWE-404	7.5
2022-06-07	CVE-2021-35530	Unspecified vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. local low complexity hitachienergy	6.7
2022-06-07	CVE-2021-35531	OS Command Injection vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. local low complexity hitachienergy CWE-78	6.7