CVE-2022-1778

Summary

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyMicroSCADA X SYS60010affected
Hitachi EnergyMicroSCADA X SYS60010.1affected
Hitachi EnergyMicroSCADA X SYS60010.1.1affected
Hitachi EnergyMicroSCADA X SYS60010.2affected
Hitachi EnergyMicroSCADA X SYS60010.2.1affected
Hitachi EnergyMicroSCADA X SYS60010.3affected
Hitachi EnergyMicroSCADA X SYS60010.3.1affected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Workarounds

Apply general mitigation factors as specify in the advisory.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References