Byte Open Security

(ByteOS Network)


Hitachi Energy

#e383dce4-0c27-4495-91c4-0db157728d17

Short Name

Hitachi_Energy

Program Role

CNA

Root

Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

Top Level Root

Cybersecurity and Infrastructure Security Agency (CISA)

Domain

hitachienergy.com

Country

Switzerland

Scope

Hitachi Energy products only.
108 Vulnerabilities found

CVE-2021-40334
Assigner-Hitachi Energy
CVSS Score-8.6||HIGH
EPSS-0.41% / 60.85%
7 Day CHG~0.00%
Published-02 Dec, 2021 | 18:28
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSH activation problem in the proprietary management protocol (port TCP 5558)

Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-xcm20, fox615, xcm20_firmware, fox615_firmware, FOX61x, XCM20
CWE ID-CWE-431
Missing Handler
CVE-2021-35533
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.75%
7 Day CHG~0.00%
Published-26 Nov, 2021 | 16:37
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmware, rtu500, RTU500 series
CWE ID-CWE-20
Improper Input Validation
CVE-2021-35534
Assigner-Hitachi Energy
CVSS Score-7.2||HIGH
EPSS-0.20% / 42.44%
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:35
Updated-16 Sep, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Security Control Vulnerability

Insufficient security control vulnerability in the internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600: the product does not sufficiently restrict access to internal database tables, which could allow anybody with user credentials to bypass security controls that are enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-gms600, relion_670_firmware, gms600_firmware, relion_670, relion_650, relion_650_firmware, relion_sam600-io_firmware, relion_sam600-io, pwc600, pwc600_firmware, Relion 670/650/SAM600-IO, Relion 650, GMS600, Relion 670 Series, Relion 670/650 Series, PWC600
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-35535
Assigner-Hitachi Energy
CVSS Score-8.1||HIGH
EPSS-0.26% / 49.55%
7 Day CHG~0.00%
Published-18 Nov, 2021 | 15:53
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Security Control Vulnerability

Insecure Boot Image vulnerability in Hitachi Energy Relion 670/650/SAM600-IO series: there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting. An attacker who manages to get access to the front network port and to cause a reboot sequence of the device could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-relion_670_firmware, relion_670, relion_650, relion_650_firmware, relion_sam600-io_firmware, relion_sam600-io, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 670 Series
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2021-35528
Assigner-Hitachi Energy
CVSS Score-7.2||HIGH
EPSS-0.04% / 12.75%
7 Day CHG~0.00%
Published-17 Nov, 2021 | 17:55
Updated-16 Sep, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-retail_operations, counterparty_settlements_and_billing, Retail Operations, Counterparty Settlement and Billing (CSB)
CWE ID-CWE-284
Improper Access Control
CVE-2021-35526
Assigner-Hitachi Energy
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.81%
7 Day CHG~0.00%
Published-08 Sep, 2021 | 15:10
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Product

A backup file without encryption vulnerability found in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

Action-Not Available
Vendor-Hitachi Energy Ltd.; Hitachi, Ltd.
Product-sdm600_firmware, sdm600, System Data Manager – SDM600
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-35529
Assigner-Hitachi Energy
CVSS Score-7.7||HIGH
EPSS-0.29% / 52.51%
7 Day CHG~0.00%
Published-20 Aug, 2021 | 17:35
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.

Action-Not Available
Vendor-Hitachi Energy Ltd.; Hitachi, Ltd.
Product-retail_operations, counterparty_settlement_and_billing, Retail Operations, Counterparty Settlement and Billing (CSB)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-35527
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.80%
7 Day CHG~0.00%
Published-14 Jul, 2021 | 13:15
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.

Action-Not Available
Vendor-Hitachi Energy Ltd.; Hitachi, Ltd.
Product-esoms, eSOMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials