Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Retail Operations by Hitachi ABB Power Grids

    CVE-2021-35529 (GCVE-0-2021-35529)

    Vulnerability from nvd – Published: 2021-08-20 17:35 – Updated: 2024-09-17 02:20
    VLAI
    Title
    Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
    Summary
    Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Date Public
    2021-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:40:46.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "prior to Build Nr. 1.2.14002.257"
              ],
              "product": "Retail Operations",
              "vendor": "Hitachi ABB Power Grids",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.2",
                  "status": "affected",
                  "version": "5.7.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Counterparty Settlement and Billing (CSB)",
              "vendor": "Hitachi ABB Power Grids",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.2",
                  "status": "affected",
                  "version": "5.7.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-08T16:40:20.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Password in Memory Vulnerability in  Retail Operations Product and Counterparty Settlement and Billing (CSB)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachi-powergrids.com",
              "DATE_PUBLIC": "2021-08-05T13:00:00.000Z",
              "ID": "CVE-2021-35529",
              "STATE": "PUBLIC",
              "TITLE": "Password in Memory Vulnerability in  Retail Operations Product and Counterparty Settlement and Billing (CSB)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Retail Operations",
                          "version": {
                            "version_data": [
                              {
                                "platform": "prior to Build Nr. 1.2.14002.257",
                                "version_affected": "\u003c=",
                                "version_name": "5.7.2",
                                "version_value": "5.7.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Counterparty Settlement and Billing (CSB)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "5.7.2",
                                "version_value": "5.7.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi ABB Power Grids"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522 Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-35529",
        "datePublished": "2021-08-20T17:35:56.110Z",
        "dateReserved": "2021-06-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:20:38.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35529 (GCVE-0-2021-35529)

    Vulnerability from cvelistv5 – Published: 2021-08-20 17:35 – Updated: 2024-09-17 02:20
    VLAI
    Title
    Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
    Summary
    Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Date Public
    2021-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:40:46.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "prior to Build Nr. 1.2.14002.257"
              ],
              "product": "Retail Operations",
              "vendor": "Hitachi ABB Power Grids",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.2",
                  "status": "affected",
                  "version": "5.7.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Counterparty Settlement and Billing (CSB)",
              "vendor": "Hitachi ABB Power Grids",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.2",
                  "status": "affected",
                  "version": "5.7.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-08T16:40:20.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Password in Memory Vulnerability in  Retail Operations Product and Counterparty Settlement and Billing (CSB)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachi-powergrids.com",
              "DATE_PUBLIC": "2021-08-05T13:00:00.000Z",
              "ID": "CVE-2021-35529",
              "STATE": "PUBLIC",
              "TITLE": "Password in Memory Vulnerability in  Retail Operations Product and Counterparty Settlement and Billing (CSB)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Retail Operations",
                          "version": {
                            "version_data": [
                              {
                                "platform": "prior to Build Nr. 1.2.14002.257",
                                "version_affected": "\u003c=",
                                "version_name": "5.7.2",
                                "version_value": "5.7.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Counterparty Settlement and Billing (CSB)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "5.7.2",
                                "version_value": "5.7.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi ABB Power Grids"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522 Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-35529",
        "datePublished": "2021-08-20T17:35:56.110Z",
        "dateReserved": "2021-06-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:20:38.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }