CVE-2021-35535

HIGH

Hitachi Energy Relion - DoS

Title source: llm

Description

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.

References (1)

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=8DBD000061&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 8.1

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (9)

hitachienergy/relion_650_firmware 2.2.0

hitachienergy/relion_650_firmware 2.2.1

hitachienergy/relion_650_firmware 2.2.4

hitachienergy/relion_670_firmware 2.2.0

hitachienergy/relion_670_firmware 2.2.1

hitachienergy/relion_670_firmware 2.2.2

hitachienergy/relion_670_firmware 2.2.4

hitachienergy/relion_670_firmware 2.2.3 - 2.2.3.3

hitachienergy/relion_sam600-io_firmware 2.2.1

Published Nov 18, 2021

Tracked Since Feb 18, 2026