CVE-2021-40333

Published on: 12/02/2021 12:00:00 AM UTC

Last Modified on: 12/07/2021 03:37:00 PM UTC

CVE-2021-40333

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

Certain versions of Fox615 from Hitachienergy contain the following vulnerability:

Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

CVE-2021-40333 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
Affected Vendor/Software: Hitachi Energy - FOX61x version < R15A
Affected Vendor/Software: Hitachi Energy - XCM20 version < R15A

Vulnerability Patch/Work Around

Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

CVSS3 Score: 7.1 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	LOW	HIGH	NONE

CVSS2 Score: 5.5 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	LOW	SINGLE
Confidentiality Impact	Integrity Impact	Availability Impact
PARTIAL	PARTIAL	NONE

CVE References

Description	Tags ^ⓘ	Link
	search.abb.com application/octet-stream	CONFIRM search.abb.com/library/Download.aspx?DocumentID=8DBD000069&LanguageCode=en&DocumentPartId=&Action=Launch
	search.abb.com application/pdf	CONFIRM search.abb.com/library/Download.aspx?DocumentID=8DBD000062&LanguageCode=en&DocumentPartId=&Action=Launch

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Hitachienergy	Fox615	-	All	All	All
Operating System	Hitachienergy	Fox615 Firmware	All	All	All	All
Hardware	Hitachienergy	Xcm20	-	All	All	All
Operating System	Hitachienergy	Xcm20 Firmware	All	All	All	All

cpe:2.3:h:hitachienergy:fox615:-:*:*:*:*:*:*:*:
cpe:2.3:o:hitachienergy:fox615_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:hitachienergy:xcm20:-:*:*:*:*:*:*:*:
cpe:2.3:o:hitachienergy:xcm20_firmware:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@CVEreport	CVE-2021-40333 : Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gai… twitter.com/i/web/status/1…	2021-12-02 19:01:56
/r/netcve	CVE-2021-40333	2021-12-02 20:38:07