CVE-2021-40334

Name: CVE-2021-40334
Creator: NVD / NIST
Published: 2021-12-02T19:15:08.413+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.96%

Last modified Jun 17, 2026

CVE-2021-40334 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. EPSS estimates a 0.96% chance of exploitation in the next 30 days.

Description

Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.96%

56.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-431

Affected Software

Vendor	Product	Versions
Hitachienergy	Fox615 Firmware	< r15a
Hitachienergy	Xcm20 Firmware	< r15a

References

Timeline

Published: Dec 2, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-40334?

How severe is CVE-2021-40334?

CVE-2021-40334 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.96% probability of exploitation in the next 30 days.

How do I fix CVE-2021-40334?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-40334?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST