Hitachi Energy Relion 670/650/SAM600-IO

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 8.6
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Hitachi Energy
• Equipment: Relion 670/650/SAM600-IO
• Vulnerability: Improper Handling of Insufficient Privileges

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow anyone with user credentials to bypass the security controls enforced by the product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi Energy reports the following products are affected:

• Relion 670/650 series: Version 2.2.0 all revisions
• Relion 670/650/SAM600-IO series: Version 2.2.1 all revisions up to but not including version 2.2.1.8.
• Relion 670 series: Version 2.2.2 all revisions up to but not including 2.2.2.5
• Relion 670 series: Version 2.2.3 revisions up to 2.2.3.4
• Relion 670/650 series Version 2.2.4 all revisions up to but not including version 2.2.4.3.
• Relion 670/650/SAM600-IO series: Version 2.2.5 up to revision 2.2.5.1
• Relion 670/650 series: Version 2.1 all revisions up to but not including version 2.1.0.5
• Relion 670 series: Version 2.0 all revisions up to but not including version 2.0.0.14.
• Relion 650 series: Version 1.3 all revisions up to but not including version 1.3.0.8.
• Relion 650 series: Version 1.2 all revisions
• Relion 650 series: Version 1.1 all revisions
• Relion 650 series: Version 1.0 all revisions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER HANDLING OF INSUFFICIENT PRIVILEGES CWE-274

A vulnerability exists in the database schema inside the product. An attacker could exploit the vulnerability by gaining access to credentials of any account or to have access to a session ticket issued for an account. Then, through the configuration tool that accesses the proprietary Open Database Connectivity (ODBC) protocol (TCP 2102), the database table c

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.