CVE-2021-40334

Name of the Vulnerable Software and Affected Versions Hitachi Energy FOX61x versions prior to R15A Hitachi Energy XCM20 versions prior to R15A

Description The issue is related to a Missing Handler vulnerability in the proprietary management protocol of Hitachi Energy FOX61x and XCM20, which can be exploited by activating SSH on port TCP 5558, causing disruption to the NMS and NE communication. The vulnerability is associated with deficiencies in data processing. An attacker can exploit this vulnerability to cause a denial of service using the Data Communication Network (DCN) and Network Management System (NMS) services.

Recommendations For Hitachi Energy FOX61x versions prior to R15A, update to version R15A or later to resolve the issue. For Hitachi Energy XCM20 versions prior to R15A, update to version R15A or later to resolve the issue. As a temporary workaround, consider restricting access to port TCP 5558 to minimize the risk of exploitation.