ID

VAR-202107-1226


CVE

CVE-2021-35527


TITLE

Hitachi ABB Power Grids eSOMS: credentials are not adequately protected

Trust: 0.8

sources: JVNDB: JVNDB-2021-002244

DESCRIPTION

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions (CWE-522, CVE-2021-35527). Password information may be stolen by a third party who has compromised the system, or by a third party who exploits a cross-site scripting (XSS) vulnerability in another application. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. eSOMS is a shift operation management system for the power generation industry.

Trust: 2.34

sources: NVD: CVE-2021-35527 // JVNDB: JVNDB-2021-002244 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-395860 // VULMON: CVE-2021-35527

AFFECTED PRODUCTS

vendor: hitachienergy, model: esoms, scope: lt, version: 6.3.1

Trust: 1.0

vendor: Hitachi ABB Power Grids, model: esoms, scope: eq, version: -

Trust: 0.8

vendor: Hitachi ABB Power Grids, model: esoms, scope: eq, version: 6.3 and all previous s

Trust: 0.8

sources: JVNDB: JVNDB-2021-002244 // NVD: CVE-2021-35527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-35527
value: HIGH

Trust: 1.0

cybersecurity@hitachienergy.com: CVE-2021-35527
value: HIGH

Trust: 1.0

OTHER: JVNDB-2021-002244
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202107-1028
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395860
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-35527
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-35527
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-395860
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-35527
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-002244
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395860 // VULMON: CVE-2021-35527 // JVNDB: JVNDB-2021-002244 // CNNVD: CNNVD-202107-1028 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-35527 // NVD: CVE-2021-35527

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-200

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-395860 // JVNDB: JVNDB-2021-002244 // NVD: CVE-2021-35527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1028

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-1028 // CNNVD: CNNVD-202104-975

PATCH

title: Cybersecurity Advisory, url: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A0957&LanguageCode=en&Action=Launch

Trust: 0.8

sources: JVNDB: JVNDB-2021-002244

EXTERNAL IDS

db: NVD, id: CVE-2021-35527

Trust: 2.6

db: ICS CERT, id: ICSA-21-210-01

Trust: 1.4

db: JVN, id: JVNVU98329583

Trust: 0.8

db: JVNDB, id: JVNDB-2021-002244

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1028

Trust: 0.7

db: CS-HELP, id: SB2021073001

Trust: 0.6

db: AUSCERT, id: ESB-2021.2582

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-395860

Trust: 0.1

db: VULMON, id: CVE-2021-35527

Trust: 0.1

sources: VULHUB: VHN-395860 // VULMON: CVE-2021-35527 // JVNDB: JVNDB-2021-002244 // CNNVD: CNNVD-202107-1028 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-35527

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=9akk107992a0957&languagecode=en&documentpartid=&action=launch

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-210-01

Trust: 1.4

url:https://jvn.jp/vu/jvnvu98329583/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.2582

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021073001

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107992a0957&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395860 // VULMON: CVE-2021-35527 // JVNDB: JVNDB-2021-002244 // CNNVD: CNNVD-202107-1028 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-35527

CREDITS

Hitachi ABB Power Grids reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-1028

SOURCES

db: VULHUB, id: VHN-395860
db: VULMON, id: CVE-2021-35527
db: JVNDB, id: JVNDB-2021-002244
db: CNNVD, id: CNNVD-202107-1028
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-35527

LAST UPDATE DATE

2024-08-14T12:37:54.623000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-395860, date: 2021-09-16T00:00:00
db: VULMON, id: CVE-2021-35527, date: 2021-07-20T00:00:00
db: JVNDB, id: JVNDB-2021-002244, date: 2021-08-03T01:59:00
db: CNNVD, id: CNNVD-202107-1028, date: 2021-08-02T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-35527, date: 2023-05-16T20:21:29.777

SOURCES RELEASE DATE

db: VULHUB, id: VHN-395860, date: 2021-07-14T00:00:00
db: VULMON, id: CVE-2021-35527, date: 2021-07-14T00:00:00
db: JVNDB, id: JVNDB-2021-002244, date: 2021-08-03T00:00:00
db: CNNVD, id: CNNVD-202107-1028, date: 2021-07-14T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-35527, date: 2021-07-14T14:15:08.937