Severity: 7.8
CWE: CWE-863, CWE-312

CVE-2021-35526: Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Product

First published: Tue Aug 31 2021

A backup file without encryption vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

Credit: cybersecurity@hitachi-powergrids.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachiabb-powergrids Sdm600 Firmware | >=1.2, <1.2.14002.257 | |
| Hitachienergy Sdm600 | | |
| Hitachi ABB Power Grids SDM600 FP2 HF6 (Build Nr. 1.2.14002.257) | <1.2 | 1.2 |

Remedy

The problem is remediated as of the following product version: SDM600 version 1.2 FP2 HF6 (Build Nr. 1.2.14002.257). Hitachi ABB Power Grids recommends that customers apply the update at the earliest convenience. After a successful upgrade, it is recommended to move previously created vulnerable backups to a secure place to avoid any unauthorized access.

Frequently Asked Questions

  • What is CVE-2021-35526?

    CVE-2021-35526 is a vulnerability found in Hitachi ABB Power Grids System Data Manager (SDM600) that allows an attacker to gain access to sensitive information by exploiting a backup file without encryption.

  • Which versions of Hitachi ABB Power Grids System Data Manager (SDM600) are affected?

    Versions prior to FP2 HF6 (Build Nr. 1.2.14002.257) of Hitachi ABB Power Grids System Data Manager (SDM600) are affected by CVE-2021-35526.

  • What is the severity level of CVE-2021-35526?

    CVE-2021-35526 has a severity level of 7.8, which is considered high.

  • How can an attacker exploit CVE-2021-35526?

    An attacker can exploit CVE-2021-35526 by gaining access to sensitive information through an unencrypted backup file.

  • Are there any references or additional resources related to CVE-2021-35526?

    Yes, you can find more information about CVE-2021-35526 in the references provided: [Reference 1](https://search.abb.com/library/Download.aspx?utm_campaign=&utm_content=2021.08_5051_Cybersecurity%20Advisory%3A&utm_medium=email&utm_source=Eloqua&DocumentID=9AKK107992A4700&LanguageCode=en&DocumentPartId=&Action=Launch&elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c&elq=1bda419954724e908db108def16646a5&elqaid=3638&elqat=1&elqCampaignId=) [Reference 2](https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02)
