CVE-2021-40333

CRITICAL

Hitachi Energy FOX61x <R15A, XCM20 <R15A - Info Disclosure

Title source: llm

Description

Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

References (2)

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062&LanguageCode=en&DocumentPartId=&Action=Launch

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 9.0

EPSS 0.0020

EPSS Percentile 41.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

Details

CWE

CWE-521

Status published

Products (2)

hitachienergy/fox615_firmware < r15a

hitachienergy/xcm20_firmware < r15a

Published Dec 02, 2021

Tracked Since Feb 18, 2026