PT-2021-20957 · Hitachi Energy · Pwc600+5

Published: 2021-11-18 · Updated: 2023-04-19 · CVE-2021-35534

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Hitachi Energy Relion 670 Series versions 2.0 through 2.2.3.4
Hitachi Energy Relion 670 Series version 2.2.4
Hitachi Energy Relion 670/650 Series versions 2.1 through 2.2.0
Hitachi Energy Relion 670/650 Series version 2.2.4
Hitachi Energy Relion 670/650/SAM600-IO versions 2.2.1 through 2.2.4.1
Hitachi Energy Relion 670/650/SAM600-IO versions 2.2.5 through 2.2.5.1
Hitachi Energy Relion 650 versions 1.0 through 1.3.0.7
Hitachi Energy GMS600 versions 1.2.0 through 1.3.0.1
Hitachi Energy PWC600 versions 1.0.1 through 1.0.1.3
Hitachi Energy PWC600 versions 1.1.0 through 1.1.0.0

Description: The vulnerability is related to an insufficient security control in the internal database access mechanism, allowing an attacker with user credentials to bypass security controls and potentially modify data or firmware, or permanently disable the product.

Recommendations:
For Hitachi Energy Relion 670 Series versions 2.0 through 2.2.3.4, update to version 2.2.3.5 or later.
For Hitachi Energy Relion 670 Series version 2.2.4, update to a version later than 2.2.4.
For Hitachi Energy Relion 670/650 Series versions 2.1 through 2.2.0, update to a version later than 2.2.0.
For Hitachi Energy Relion 670/650 Series version 2.2.4, update to a version later than 2.2.4.
For Hitachi Energy Relion 670/650/SAM600-IO versions 2.2.1 through 2.2.4.1, update to version 2.2.5.2 or later.
For Hitachi Energy Relion 650 versions 1.0 through 1.3.0.7, update to version 1.3.0.8 or later.
For Hitachi Energy GMS600 versions 1.2.0 through 1.3.0.1, update to a version later than 1.3.0.1.
For Hitachi Energy PWC600 versions 1.0.1 through 1.0.1.3, update to a version later than 1.0.1.3.
For Hitachi Energy PWC600 versions 1.1.0 through 1.1.0.0, update to a version later than 1.1.0.0.

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2021-35534

Affected Products

Gms600
Pwc600
Relion 650
Relion 670 Series
Relion 670/650 Series
Relion 670/650/Sam600-Io