CVE-2021-35529

HIGH

Hitachi ABB Power Grids <5.7.2 - Info Disclosure

Title source: llm

Description

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.

References (3)

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-236-02

Scores

CVSS v3 7.7

EPSS 0.0029

EPSS Percentile 52.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

hitachienergy/counterparty_settlement_and_billing < 5.7.3

hitachienergy/retail_operations < 5.7.3

Timeline

Published Aug 20, 2021

Tracked Since Feb 18, 2026