How severe is CVE-2021-35535?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-35535?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2021-35535

HIGH Year: 2021

CVSS v3 Score

8.1

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-1188

View all →

Vulnerability Description

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.

CVE-2018-15685

HIGH

CVSS:8.1(High)

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerab...

CWE-11882018

CVE-2019-4169

HIGH

CVSS:8.1(High)

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.

CWE-11882019

CVE-2019-4621

HIGH

CVSS:8.1(High)

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use thi...

CWE-11882019

CVE-2020-10552

HIGH

CVSS:8.1(High)

An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read a...

CWE-11882020

CVE-2021-34203

HIGH

CVSS:8.1(High)

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this functi...

CWE-11882021

CVE-2023-3453

HIGH

CVSS:8.1(High)

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the devi...

CWE-11882023

CVE-2021-35535

Vulnerability Description

Related Vulnerabilities

CVE-2018-15685

CVE-2019-4169

CVE-2019-4621

CVE-2020-10552

CVE-2021-34203

CVE-2023-3453