CVE-2021-35535: Insufficient Security Control Vulnerability
First published: Thu Nov 04 2021(Updated: )
Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.
Credit: cybersecurity@hitachienergy.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachienergy Relion 670 Firmware | >=2.2.3<=2.2.3.3 | |
| Hitachienergy Relion 670 Firmware | =2.2.0 | |
| Hitachienergy Relion 670 Firmware | =2.2.1 | |
| Hitachienergy Relion 670 Firmware | =2.2.2 | |
| Hitachienergy Relion 670 Firmware | =2.2.4 | |
| Hitachienergy Relion 670 | ||
| Hitachienergy Relion 650 Firmware | =2.2.0 | |
| Hitachienergy Relion 650 Firmware | =2.2.1 | |
| Hitachienergy Relion 650 Firmware | =2.2.4 | |
| Hitachienergy Relion 650 | ||
| Hitachienergy Relion Sam600-io Firmware | =2.2.1 | |
| Hitachienergy Relion Sam600-io |
Remedy
Refer to the cybersecurity advisories at https://www.hitachienergy.com/cybersecurity/alerts-and-notifications
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series?
The vulnerability is an Insecure Boot Image vulnerability that allows an attacker who has access to the front network port to cause a reboot sequence of the device.
What is the severity of CVE-2021-35535?
The severity of CVE-2021-35535 is high with a CVSS score of 8.1.
How can an attacker exploit the vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series?
An attacker can exploit the vulnerability by taking advantage of a tiny time gap during the booting process of the device.
Which versions of Hitachi Energy Relion 670 Firmware are affected?
The versions affected are 2.2.0, 2.2.1, 2.2.2, and 2.2.3 (up to version 2.2.3.3).
How can I fix the Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series?
To fix the vulnerability, it is recommended to update the firmware to a version that addresses the issue.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hitachienergy
- canonical/hitachienergy relion 670 firmware
- version/hitachienergy relion 670 firmware/2.2.3
- version/hitachienergy relion 670 firmware/2.2.3.3
- version/hitachienergy relion 670 firmware/2.2.0
- version/hitachienergy relion 670 firmware/2.2.1
- version/hitachienergy relion 670 firmware/2.2.2
- version/hitachienergy relion 670 firmware/2.2.4
- canonical/hitachienergy relion 670
- canonical/hitachienergy relion 650 firmware
- version/hitachienergy relion 650 firmware/2.2.0
- version/hitachienergy relion 650 firmware/2.2.1
- version/hitachienergy relion 650 firmware/2.2.4
- canonical/hitachienergy relion 650
- canonical/hitachienergy relion sam600-io firmware
- version/hitachienergy relion sam600-io firmware/2.2.1
- canonical/hitachienergy relion sam600-io