7.7
CVE-2021-35529
- EPSS 0.3%
- Veröffentlicht 20.08.2021 18:15:07
- Zuletzt bearbeitet 21.11.2024 06:12:27
- Quelle cybersecurity@hitachienergy.co
- CVE-Watchlists
- Unerledigt
LoginInsufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hitachienergy ≫ Counterparty Settlement And Billing Version < 5.7.3
Hitachienergy ≫ Retail Operations Version < 5.7.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.498 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| cybersecurity@hitachienergy.com | 7.7 | 1.3 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.