PT-2021-5844 · Hitachi Energy · Hitachi Energy Xcm20+1
Published
2021-11-23
·
Updated
2021-12-07
·
CVE-2021-40333
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hitachi Energy FOX61x versions prior to R15A
Hitachi Energy XCM20 versions prior to R15A
Description
The issue is related to weak password requirements in the Data Communication Network (DCN) routing configuration, allowing an attacker to gain unauthorized access. This can be exploited by a remote attacker to access protected information.
Recommendations
For Hitachi Energy FOX61x versions prior to R15A, update to version R15A or later to resolve the issue.
For Hitachi Energy XCM20 versions prior to R15A, update to version R15A or later to resolve the issue.
As a temporary workaround, consider strengthening password requirements for the Data Communication Network (DCN) routing configuration to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Energy Fox61X
Hitachi Energy Xcm20