CVE-2021-35530
6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
Summary
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.0.0 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.0.1 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.0 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.1 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.2 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.3 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.2.0 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.2.1 | affected |
Weaknesses
- CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.