Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Modular_switchgear_monitoring_firmware
(Hitachienergy)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-21 | CVE-2022-3353 | A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * ... | Fox615_tego1_firmware, Gms600_firmware, Itt600_sa_explorer, Modular_switchgear_monitoring_firmware, Pwc600_firmware, Reb500_firmware, Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware, Rtu500_firmware, Sys600_firmware, Txpert_hub_coretec_4_firmware, Txpert_hub_coretec_5_firmware | 7.5 | ||
| 2022-07-25 | CVE-2021-40336 | A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail,... | Modular_switchgear_monitoring_firmware | 8.8 | ||
| 2021-06-14 | CVE-2021-27196 | Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds.... | Fox615_tego1_firmware, Gms600_firmware, Modular_switchgear_monitoring_firmware, Pwc600_firmware, Reb500_firmware, Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware, Rtu500_firmware | 7.5 | ||
| 2022-07-25 | CVE-2021-40335 | A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has... | Modular_switchgear_monitoring_firmware | 8.8 |