CVE-2021-35531

Remote Code Execution in TXpert Hub CoreTec 4

Description

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Remediation

Solution:

Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues.

References

Link	Tags
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-35531?: CVE-2021-35531 has been scored as a medium severity vulnerability.
How to fix CVE-2021-35531?: To fix CVE-2021-35531: Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues.
Is CVE-2021-35531 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-35531 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-35531?: CVE-2021-35531 affects Hitachi Energy TXpert Hub CoreTec 4 version.

Description

Remediation

Categories

CWE-20 – Improper Input Validation

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions