CVE-2021-35532

Name of the Vulnerable Software and Affected Versions Hitachi Energy TXpert Hub CoreTec 4 versions 2.0.0 through 2.2.1

Description A vulnerability exists in the file upload validation part of the Hitachi Energy TXpert Hub CoreTec 4 product. This issue allows an attacker or malicious agent who gains access to the system and obtains an account with sufficient privilege to upload malicious firmware to the product.

Recommendations For versions 2.0.0 through 2.2.1, consider disabling the file upload feature until a patch is available to prevent malicious firmware uploads. Restrict access to the system and limit account privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.