PT-2021-20958 · Hitachi Energy · Relion 670/650 Series +2

Published: 2021-11-18 · Updated: 2023-04-19 · CVE-2021-35535

CVSS v3.1: 8.1 (High)
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Hitachi Energy Relion 670 Series versions 2.2.2 through 2.2.3.2
Hitachi Energy Relion 670/650 Series versions 2.2.0 through 2.2.4
Hitachi Energy Relion 670/650/SAM600-IO version 2.2.1

Description: The issue is related to an Insecure Boot Image vulnerability in the Hitachi Energy Relion 670/650/SAM600-IO series. An attacker with access to the front network port may cause a reboot sequence, exploiting a tiny time gap during the booting process where an older version of VxWorks is loaded. This could lead to a denial-of-service on the product.

Recommendations:
For Hitachi Energy Relion 670 Series version 2.2.2, update to version 2.2.3.3 or later.
For Hitachi Energy Relion 670 Series versions prior to 2.2.3.3, update to version 2.2.3.3 or later.
For Hitachi Energy Relion 670/650 Series versions 2.2.0 and 2.2.4, consider disabling the vulnerable boot process until a patch is available.
For Hitachi Energy Relion 670/650/SAM600-IO version 2.2.1, restrict access to the front network port to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability for some versions, so consider the above recommendations as temporary workarounds.

Related Identifiers

CVE-2021-35535

Affected Products

Relion 670 Series
Relion 670/650 Series
Relion 670/650/SAM600-IO