CVE-2021-35530: User authentication bypass in TXpert Hub CoreTec 4
First published: Tue Jun 07 2022(Updated: )
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
Credit: cybersecurity@hitachienergy.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.0.0 | |
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.0.1 | |
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.1.0 | |
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.1.1 | |
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.1.2 | |
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.1.3 | |
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.2.0 | |
| Hitachienergy Txpert Hub Coretec 4 Firmware | =2.2.1 | |
| Hitachienergy Txpert Hub Coretec 4 |
Remedy
Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-35530?
The severity of CVE-2021-35530 is high with a CVSS score of 6.7.
What is the affected software of CVE-2021-35530?
The affected software of CVE-2021-35530 is Hitachi Energy's TXpert Hub CoreTec 4 firmware version 2.0.0 to 2.2.1.
How does CVE-2021-35530 impact the system?
CVE-2021-35530 allows an unauthorized actor to execute unauthorized modified messages in the server, potentially enabling the actor to change an existing message.
Is there a fix available for CVE-2021-35530?
Yes, a fix is available for CVE-2021-35530. Users should update their Hitachi Energy's TXpert Hub CoreTec 4 firmware to a version that is not vulnerable.
Where can I find more information about CVE-2021-35530?
More information about CVE-2021-35530 can be found at [this link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hitachienergy
- canonical/hitachienergy txpert hub coretec 4 firmware
- version/hitachienergy txpert hub coretec 4 firmware/2.0.0
- version/hitachienergy txpert hub coretec 4 firmware/2.0.1
- version/hitachienergy txpert hub coretec 4 firmware/2.1.0
- version/hitachienergy txpert hub coretec 4 firmware/2.1.1
- version/hitachienergy txpert hub coretec 4 firmware/2.1.2
- version/hitachienergy txpert hub coretec 4 firmware/2.1.3
- version/hitachienergy txpert hub coretec 4 firmware/2.2.0
- version/hitachienergy txpert hub coretec 4 firmware/2.2.1
- canonical/hitachienergy txpert hub coretec 4