CVE-2021-35535
📋 TL;DR
This vulnerability allows an attacker with physical access to the front network port to exploit a time gap during device boot where an older vulnerable version of VxWorks loads before the application firmware. This can cause denial-of-service on affected Hitachi Energy Relion protection relay devices. Affected systems include specific versions of Relion 670, 650, and SAM600-IO series devices.
💻 Affected Systems
- Hitachi Energy Relion 670 Series
- Hitachi Energy Relion 650 Series
- Hitachi Energy Relion SAM600-IO
📦 What is this software?
Relion 650 Firmware by Hitachi Energy
Relion 670 Firmware by Hitachi Energy
⚠️ Risk & Real-World Impact
Worst Case
Complete device denial-of-service requiring physical intervention to restore functionality, potentially disrupting critical power grid protection systems.
Likely Case
Temporary device unavailability requiring reboot, causing brief loss of protection monitoring capabilities.
If Mitigated
Minimal impact if physical access controls prevent unauthorized access to network ports and devices are in secure locations.
🎯 Exploit Status
Exploitation requires physical access to the device and precise timing during the boot sequence. No authentication is needed once physical access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Relion 670 Series 2.2.3.3 and later versions
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000061&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download the firmware update from the Hitachi Energy/ABB support portal.
2. Follow the vendor-specific firmware update procedures for Relion devices.
3. Apply the update to affected devices.
4. Reboot the devices to complete installation.
🔧 Temporary Workarounds
Physical Access Controls
Restrict physical access to device network ports through locked cabinets, secure rooms, or port security mechanisms.
Minimize Reboot Opportunities
Implement change control procedures to minimize unnecessary device reboots and monitor for unauthorized reboot attempts.
🧯 If You Can't Patch
- Implement strict physical security controls around all affected devices
- Monitor device logs for unauthorized access or reboot attempts
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via device web interface or serial console using vendor-specific commands.
Check Version:
Vendor-specific commands via device interface; typically accessible through web GUI or serial connection.
Verify Fix Applied:
Verify firmware version is 2.2.3.3 or later for Relion 670 Series, or consult vendor for other affected series updates.
📡 Detection & Monitoring
Log Indicators:
- Unexpected device reboots
- Multiple boot attempts in short timeframe
- Physical access logs showing unauthorized personnel near devices
Network Indicators:
- Unusual traffic patterns during boot sequences
- Connection attempts to bootloader services
SIEM Query:
Device:vendor="Hitachi Energy" AND (event:reboot OR event:boot) AND version<"2.2.3.3"
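The log indicators and SIEM query above as detection logic, in an added example that is not vendor or page code: it flags repeated boots within a short window on devices below 2.2.3.3 and compares versions numerically, because a plain string comparison ranks 2.2.10.0 below 2.2.3.3. The log line format, device names, window and threshold are assumptions, and the sample events (including version 2.2.10.0) are constructed.

```python
from datetime import datetime, timedelta

FIXED = (2, 2, 3, 3)            # fixed Relion 670 Series version given on this page
WINDOW = timedelta(minutes=10)  # assumption: what counts as a "short timeframe"
THRESHOLD = 3                   # assumption: boots inside WINDOW that raise an alert

# Constructed sample events, hypothetical format: "timestamp device firmware event"
SAMPLE_LOG = """\
2024-03-01T02:00:05 relay-a 2.2.3.2 boot
2024-03-01T02:03:40 relay-a 2.2.3.2 reboot
2024-03-01T02:07:10 relay-a 2.2.3.2 boot
2024-03-01T03:00:00 relay-b 2.2.10.0 boot
2024-03-01T03:01:00 relay-b 2.2.10.0 boot
2024-03-01T03:02:00 relay-b 2.2.10.0 boot
2024-03-01T01:00:00 relay-c 2.2.3.1 boot
2024-03-01T09:00:00 relay-c 2.2.3.1 boot
"""

def is_below_fix(version):
    """Numeric, field-by-field comparison; missing trailing fields count as 0."""
    parts = tuple(int(p) for p in version.split("."))
    width = max(len(parts), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(parts) < pad(FIXED)

def boot_clusters(log_text):
    """Return {device: largest boot count inside WINDOW} for unpatched devices at or over THRESHOLD."""
    boots = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("boot", "reboot"):
            continue
        ts, device, version, _ = fields
        try:
            if is_below_fix(version):
                boots.setdefault(device, []).append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # unparseable version or timestamp: skip the line
    alerts = {}
    for device, times in boots.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > WINDOW:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= THRESHOLD:
                alerts[device] = max(alerts.get(device, 0), count)
    return alerts
```

On the constructed sample only relay-a is flagged: relay-b reboots just as often but runs a version that is numerically newer than the fix, and relay-c is unpatched but its boots are hours apart.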