CVE-2022-29922
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:::::::* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | 10 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.1.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.2 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.2.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.3 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.3.1 | affected |
| Hitachi Energy | MicroSCADA Pro SYS600 | unspecified <= 9.2 FP2 Hotfix 4 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
Workarounds
Apply general mitigation factors as specify in the advisory.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.