PT-2021-20954 · Hitachi Energy · Hitachi Energy Retail Operations
Published: 2021-11-17 · Updated: 2022-04-25
CVE-2021-35528
CVSS v3.1: 7.2 (High)
Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Hitachi Energy Retail Operations versions 5.7.3 and prior
Hitachi Energy Counterparty Settlement and Billing (CSB) versions 5.7.3 and prior
Description:
The issue is an Improper Access Control vulnerability in the application's authentication and authorization. It allows an attacker to execute a modified signed Java Applet JAR file, potentially leading to extraction or modification of data inside the application.
Recommendations:
For Hitachi Energy Retail Operations versions 5.7.3 and prior, update to a version later than 5.7.3 to resolve the issue.
For Hitachi Energy Counterparty Settlement and Billing (CSB) versions 5.7.3 and prior, update to a version later than 5.7.3 to resolve the issue.
As a temporary workaround, consider restricting access to the Java Applet JAR file execution functionality until a patch is available.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Energy Counterparty Settlement/Billing
Hitachi Energy Retail Operations
Java Applet