CVE-2022-29922

Summary

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyMicroSCADA X SYS60010affected
Hitachi EnergyMicroSCADA X SYS60010.1affected
Hitachi EnergyMicroSCADA X SYS60010.1.1affected
Hitachi EnergyMicroSCADA X SYS60010.2affected
Hitachi EnergyMicroSCADA X SYS60010.2.1affected
Hitachi EnergyMicroSCADA X SYS60010.3affected
Hitachi EnergyMicroSCADA X SYS60010.3.1affected
Hitachi EnergyMicroSCADA Pro SYS600unspecified <= 9.2 FP2 Hotfix 4affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Apply general mitigation factors as specify in the advisory.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References