CVE-2021-40333

Summary

Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyFOX61xR15A < R15Aaffected
Hitachi EnergyXCM20R15A < R15Aaffected

Weaknesses

  • CWE-521: CWE-521 Weak Password Requirements

Workarounds

Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

ADP Enrichment

CVE Program Container

Additional References

References