{ "CVE_data_meta": { "ASSIGNER": "cybersecurity@hitachi-powergrids.com", "DATE_PUBLIC": "2021-08-05T13:00:00.000Z", "ID": "CVE-2021-35529", "STATE": "PUBLIC", "TITLE": "Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Retail Operations", "version": { "version_data": [ { "platform": "prior to Build Nr. 1.2.14002.257", "version_affected": "<=", "version_name": "5.7.2", "version_value": "5.7.2" } ] } }, { "product_name": "Counterparty Settlement and Billing (CSB)", "version": { "version_data": [ { "version_affected": "<=", "version_name": "5.7.2", "version_value": "5.7.2" } ] } } ] }, "vendor_name": "Hitachi ABB Power Grids" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-522 Insufficiently Protected Credentials" } ] } ] }, "references": { "reference_data": [ { "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "CONFIRM", "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch" }, { "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "CONFIRM", "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02", "refsource": "CONFIRM", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02" } ] }, "solution": [ { "lang": "eng", "value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3" } ], "source": { "discovery": "USER" } }