Strix
26.1K

CVE-2021-35535

HIGHCVSS 8.1/10EPSS 0.57%

Last modified

CVE-2021-35535 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. EPSS estimates a 0.57% chance of exploitation in the next 30 days.

Description

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.

Metrics

CVSS 3.1
8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.57%

42.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HitachienergyRelion 670 Firmware>= 2.2.3, <= 2.2.3.3
HitachienergyRelion 670 Firmware2.2.0
HitachienergyRelion 670 Firmware2.2.1
HitachienergyRelion 670 Firmware2.2.2
HitachienergyRelion 670 Firmware2.2.4
HitachienergyRelion 650 Firmware2.2.0
HitachienergyRelion 650 Firmware2.2.1
HitachienergyRelion 650 Firmware2.2.4
HitachienergyRelion Sam600-Io Firmware2.2.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-35535?
Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.
How severe is CVE-2021-35535?
CVE-2021-35535 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.57% probability of exploitation in the next 30 days.
How do I fix CVE-2021-35535?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-35535?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST