Vulnerability Details CVE-2021-35528
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.4%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 3.6
References
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch
Products affected by CVE-2021-35528
-
cpe:2.3:a:hitachienergy:counterparty_settlements_and_billing:*
-
cpe:2.3:a:hitachienergy:retail_operations:-
-
cpe:2.3:a:hitachienergy:retail_operations:5.7.2
-
cpe:2.3:a:hitachienergy:retail_operations:5.7.3