CVE-2021-35529

{"id": "CVE-2021-35529", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-08-20T18:15:07.900", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cybersecurity@hitachienergy.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de Credenciales Insuficientemente Protegidas en el entorno del cliente de Hitachi ABB Power Grids Retail Operations y Counterparty Settlement Billing (CSB) permite a un atacante o a un usuario no autorizado acceder a las credenciales de la base de datos, cerrar el producto y acceder a \u00e9l o alterarlo. Este problema afecta a: Hitachi ABB Power Grids Retail Operations versi\u00f3n 5.7.2 y versiones anteriores. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) versi\u00f3n 5.7.2 y versiones anteriores."}], "lastModified": "2024-11-21T06:12:27.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:counterparty_settlement_and_billing:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40412B88-CA4D-4D4C-8C09-2A341FFDDBE3", "versionEndExcluding": "5.7.3"}, {"criteria": "cpe:2.3:a:hitachienergy:retail_operations:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71570D1E-D89C-46B0-B486-5F9D890881F4", "versionEndExcluding": "5.7.3"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}