CVE-2021-35528

Authentication Bypass Vulnerability Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)

Description

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.

Remediation

Solution:

- Vulnerability is remediated in Retail Operations v5.7.3.1 - Vulnerability is remediated in CSB v5.7.3.1

References

Link	Tags
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch	vendor advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-35528?: CVE-2021-35528 has been scored as a high severity vulnerability.
How to fix CVE-2021-35528?: To fix CVE-2021-35528: - Vulnerability is remediated in Retail Operations v5.7.3.1 - Vulnerability is remediated in CSB v5.7.3.1
Is CVE-2021-35528 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-35528 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-35528?: CVE-2021-35528 affects Hitachi Energy Retail Operations, Hitachi Energy Counterparty Settlement and Billing (CSB).

Description

Remediation

Category

CWE-284 – Improper Access Control

References

Frequently Asked Questions