CVE-2022-2277
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | 10.2 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.2.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.3 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.3.1 | affected |
Weaknesses
- CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input
Workarounds
Do not enable ICCP if it is not used.
Apply general mitigation factors as specify in the advisory.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.