CVE-2021-35534
Published 2021-11-18
CVE-2021-35534: Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows…
Priority P345 · high · 7.2 CVSS 3.1
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.67% (73.8th percentile)
Insufficient security control vulnerability in the internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600 and PWC600. The product does not sufficiently restrict access to internal database tables, which could allow anybody with user credentials to bypass security controls enforced by the product. Consequently, exploitation may lead to unauthorized modification of data/firmware and/or to permanently disabling the product.

This issue affects:
- Hitachi Energy Relion 670 Series: 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5.
- Hitachi Energy Relion 670/650 Series: 2.1 all revisions; 2.2.0 all revisions; 2.2.4 all revisions.
- Hitachi Energy Relion 670/650/SAM600-IO: 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2.
- Hitachi Energy Relion 650: 1.0 all revisions; 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8.
- Hitachi Energy GMS600: 1.3.0; 1.3.0.1; 1.2.0.
- Hitachi Energy PWC600: 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.
Affected
45 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | gms600 | — | — |
| hitachi_energy | gms600 | — | — |
| hitachi_energy | gms600 | — | — |
| hitachi_energy | pwc600 | 1.0.1 – 1.0.1.4 | — |
| hitachi_energy | pwc600 | 1.1.0 – 1.1.0.1 | — |
| hitachi_energy | relion_650 | — | — |
| hitachi_energy | relion_650 | — | — |
| hitachi_energy | relion_650 | — | — |
| hitachi_energy | relion_650 | >= 1.3 < 1.3.0.8 | 1.3.0.8 |
| hitachi_energy | relion_670_650_sam600-io | — | — |
| hitachi_energy | relion_670_650_sam600-io | >= 2.2.5 < 2.2.5.2 | 2.2.5.2 |
| hitachi_energy | relion_670_650_series | — | — |
| hitachi_energy | relion_670_650_series | — | — |
| hitachi_energy | relion_670_650_series | — | — |
| hitachi_energy | relion_670_series | — | — |
| hitachi_energy | relion_670_series | — | — |
| hitachi_energy | relion_670_series | >= 2.2.3 < 2.2.3.5 | 2.2.3.5 |
| hitachienergy | gms600_firmware | — | — |
| hitachienergy | gms600_firmware | — | — |
| hitachienergy | gms600_firmware | — | — |
| hitachienergy | pwc600_firmware | — | — |
| hitachienergy | pwc600_firmware | — | — |
| hitachienergy | pwc600_firmware | — | — |
| hitachienergy | pwc600_firmware | — | — |
| hitachienergy | pwc600_firmware | — | — |
CVSS provenance
- nvd · v3.1 · 7.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 9.0 CRITICAL · AV:N/AC:L/Au:S/C:C/I:C/A:C
GHSA
GHSA-72pf-j5fj-gg32: Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC6
ghsa_unreviewed · 2021-11-19
CVE-2021-35534 [HIGH] CWE-269 GHSA-72pf-j5fj-gg32: Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC6
CISA ICS
Hitachi Energy Relion 670/650/SAM600-IO
cisa_ics · 2025-03-06
ICS Advisory
## Hitachi Energy Relion 670/650/SAM600-IO
Release Date: March 06, 2025
Alert Code: ICSA-25-065-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: Relion 670/650/SAM600-IO
- Vulnerability: Improper Handling of Insufficient Privileges
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow anyone with user credentials to bypass the security controls enforced by the product.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports the following products are affected:
- Relion 670/650 series: Version 2.2.0 all revisions
- Relio
CISA ICS
Hitachi Energy GMS600, PWC600, and Relion (Update A)
cisa_ics · 2021-12-09
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Hitachi Energy GMS600, PWC600, and Relion (Update A)
Last Revised: December 09, 2021
Alert Code: ICSA-21-343-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: GMS600, PWC600, and Relion 670/650/SAM600-IO
- Vulnerability: Improper Access Controls
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-343-01 Hitachi Energy GMS600, PWC600, and Relion that was published December 9, 2021, on the ICS webpage at cisa.gov/ics.
## 3. RISK EVALUATION
Succ
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000058&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000059&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000060&LanguageCode=en&DocumentPartId=&Action=Launch
Published: 2021-11-18