Insufficiently protected credentials in Retail Operations and Counterparty Settlement and Billing (CSB)

#VU56075 Insufficiently protected credentials in Retail Operations and Counterparty Settlement and Billing (CSB)

Published: 2021-08-25

Vulnerability identifier: #VU56075

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35529

CWE-ID: CWE-522

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Retail Operations
Server applications / Other server solutions
Counterparty Settlement and Billing (CSB)
Server applications / Other server solutions

Vendor: Hitachi ABB Power Grids

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote administrator can access database credentials and gain read/edit access to application data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Retail Operations: 5.7.2

Counterparty Settlement and Billing (CSB): 5.7.2

External links
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Insufficiently protected credentials in Hitachi ABB Power Grids Retail Operations and CSB Products