PT-2021-20952 · Hitachi Abb Power Grids · Hitachi Abb Power Grids System Data Manager – Sdm600

Published

2021-09-08

Updated

2023-05-16

CVE-2021-35526

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Hitachi ABB Power Grids System Data Manager – SDM600 versions prior to 1.2 FP2 HF6 (Build Nr. 1.2.14002.257)

Description: A backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600, allowing an attacker to gain access to sensitive information.

Recommendations: For Hitachi ABB Power Grids System Data Manager – SDM600 versions prior to 1.2 FP2 HF6 (Build Nr. 1.2.14002.257), update to a version that includes FP2 HF6 (Build Nr. 1.2.14002.257) or later to resolve the issue. As a temporary workaround, consider restricting access to backup files to minimize the risk of exploitation.

Fix

Incorrect Authorization

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-312

Related Identifiers

CVE-2021-35526

Affected Products

Hitachi Abb Power Grids System Data Manager – Sdm600

CVE-2021-35526

Weakness Enumeration

Related Identifiers

Affected Products

References · 7