CVE-2022-2277

Summary

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyMicroSCADA X SYS60010.2affected
Hitachi EnergyMicroSCADA X SYS60010.2.1affected
Hitachi EnergyMicroSCADA X SYS60010.3affected
Hitachi EnergyMicroSCADA X SYS60010.3.1affected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

Workarounds

Do not enable ICCP if it is not used.

Apply general mitigation factors as specify in the advisory.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References