Firmware upload verification bypass in TXpert Hub CoreTec 4
CVE-2021-35532

6.7 MEDIUM

Key Information:

Vendor: Hitachi
CVE Published: 10 May 2022

Summary

A vulnerability exists in the file upload validation of the Hitachi Energy TXpert Hub CoreTec 4 product. It allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload malicious firmware to the product. This issue affects Hitachi Energy TXpert Hub CoreTec 4 versions 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0 and 2.2.1.

Affected Version(s)

TXpert Hub CoreTec 4 version 2.0.0

TXpert Hub CoreTec 4 version 2.0.1

TXpert Hub CoreTec 4 version 2.1.0

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
