CVE-2021-35532
N/A
N/A
Summary
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.0.0 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.0.1 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.0 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.1 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.2 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.1.3 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.2.0 | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 version | 2.2.1 | affected |
Weaknesses
- CWE-494: CWE-494 Download of Code Without Integrity Check
Workarounds
To reduce risk of exploitation, please apply the recommended mitigation as described in the advisory Section Mitigation Factors/Workarounds.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.