
Rewterz Threat Advisory – ICS: Hitachi Energy Retail Operations and CSB Software

Severity

High

Analysis Summary

CVE-2021-35528

A flaw in the application authentication and authorization mechanism that depends on local validation of the session identifier allows an unauthorized, signed Java Applet JAR file to be executed.

Impact

  • Unauthorized Access

Affected Vendors

  • Hitachi Energy

Affected Products

  • Retail Operations: Version 5.7.3 and prior
  • Counterparty Settlement and Billing (CSB): Version 5.7.3 and prior

Remediation

Refer to the CISA advisory for patch, upgrade, or suggested workaround information.

https://us-cert.cisa.gov/ics/advisories/icsa-21-334-05