CVE-2022-3353

Summary

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. 

An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. 

Already existing/established client-server connections are not affected.

List of affected CPEs:

  • cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:::::::*
  • cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:::::::*
  • cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:::::::*
  • cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:::::::*
  • cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:::::::*
  • cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:::::::*
  • cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:::::::*
  • cpe:2.3:a:hitachienergy:gms600:1.3.0:::::::*
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.:::::::
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.:::::::
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:::::::*
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:::::::*
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:::::::*
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:::::::*
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:::::::*
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.:::::::
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:::::::*
  • cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:::::::*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.:::::::
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:::::::*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:::::::*
  • cpe:2.3:a:hitachienergy:mms:2.2.3:::::::*
  • cpe:2.3:a:hitachienergy:pwc600:1.0:::::::*
  • cpe:2.3:a:hitachienergy:pwc600:1.1:::::::*
  • cpe:2.3:a:hitachienergy:pwc600:1.2:::::::*
  • cpe:2.3:o:hitachienergy:reb500:7::::::::
  • cpe:2.3:o:hitachienergy:reb500:8:::::::*
  • cpe:2.3:o:hitachienergy:relion670:1.2.:::::::
  • cpe:2.3:o:hitachienergy:relion670:2.0.:::::::
  • cpe:2.3:o:hitachienergy:relion650:1.1.:::::::
  • cpe:2.3:o:hitachienergy:relion650:1.3.:::::::
  • cpe:2.3:o:hitachienergy:relion650:2.1.:::::::
  • cpe:2.3:o:hitachienergy:relion670:2.1.:::::::
  • cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:::::::*
  • cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:::::::*
  • cpe:2.3:o:hitachienergy:relion670:2.2.:::::::
  • cpe:2.3:o:hitachienergy:relion650:2.2.:::::::
  • cpe:2.3:o:hitachienergy:rtu500cmu:12..:::::::*
  • cpe:2.3:a:hitachienergy:rtu500cmu:13..:::::::*
  • cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.:::::::
  • cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:::::::*
  • cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:::::::*

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyFOX61x TEGO1tego1_r16a11unaffected
Hitachi EnergyFOX61x TEGO1tego1_r15b08affected
Hitachi EnergyFOX61x TEGO1tego1_r2a16_03affected
Hitachi EnergyFOX61x TEGO1tego1_r2a16affected
Hitachi EnergyFOX61x TEGO1tego1_r1e01affected
Hitachi EnergyFOX61x TEGO1tego1_r1d02affected
Hitachi EnergyFOX61x TEGO1tego1_r1c07affected
Hitachi EnergyFOX61x TEGO1tego1_r1b02affected
Hitachi EnergyGMS600GMS600 1.3affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.1.0affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.1.1affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.1.2affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.5.0affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.5.1affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.6.0affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.6.0.1affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.7.0affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.7.2affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 1.8.0affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.0.1affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.0.2affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.0.3affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.0.4.1affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.0.5.0affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.0.5.4affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.1.0.4affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.1.0.5affected
Hitachi EnergyITT600 SA ExplorerITT600 SA Explorer 2.1.1.2unaffected
Hitachi EnergyMicroSCADA X SYS600SYS600 10affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.1affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.1.1affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.2affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.2.1affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.3affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.3.1affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.4affected
Hitachi EnergyMicroSCADA X SYS600SYS600 10.4.1unaffected
Hitachi EnergyMSMMSM 2.2.3;0affected
Hitachi EnergyPWC600PWC600 1.0affected
Hitachi EnergyPWC600PWC600 1.1affected
Hitachi EnergyPWC600PWC600 1.2affected
Hitachi EnergyREB500REB500 7.0 < 7.*affected
Hitachi EnergyREB500REB500 8.0 < 8.*affected
Hitachi EnergyREB500REB500 8.3.3.0unaffected
Hitachi EnergyRelion® 670Relion 670 1.2affected
Hitachi EnergyRelion® 670Relion 670 2.0affected
Hitachi EnergyRelion® 670Relion 670 version 2.1affected
Hitachi EnergyRelion® 670Relion 670 2.2.0affected
Hitachi EnergyRelion® 670Relion 670 2.2.1affected
Hitachi EnergyRelion® 670Relion 670 2.2.2affected
Hitachi EnergyRelion® 670Relion 670 2.2.3affected
Hitachi EnergyRelion® 670Relion 670 2.2.4affected
Hitachi EnergyRelion® 670Relion 670 2.2.5affected
Hitachi EnergyRelion® 650Relion 650 1.1affected
Hitachi EnergyRelion® 650Relion 650 1.3affected
Hitachi EnergyRelion® 650Relion 650 2.1affected
Hitachi EnergyRelion® 650Relion 650 2.2.0affected
Hitachi EnergyRelion® 650Relion 650 2.2.1affected
Hitachi EnergyRelion® 650Relion 650 2.2.2affected
Hitachi EnergyRelion® 650Relion 650 2.2.3affected
Hitachi EnergyRelion® 650Relion 650 2.2.4affected
Hitachi EnergyRelion® 650Relion 650 2.2.5affected
Hitachi EnergySAM600-IORelion SAM600-IO 2.2.1affected
Hitachi EnergySAM600-IORelion SAM600-IO 2.2.5affected
Hitachi EnergyRTU500RTU500 12.0.1 <= 12.0.14affected
Hitachi EnergyRTU500RTU500 12.0.15unaffected
Hitachi EnergyRTU500RTU500 12.2.1 <= 12.2.11affected
Hitachi EnergyRTU500RTU500 12.2.12unaffected
Hitachi EnergyRTU500RTU500 12.4.1 <= 12.4.11affected
Hitachi EnergyRTU500RTU500 12.4.12unaffected
Hitachi EnergyRTU500RTU500 12.6.1 <= 12.6.8affected
Hitachi EnergyRTU500RTU500 12.6.9unaffected
Hitachi EnergyRTU500RTU500 12.7.1 <= 12.7.4affected
Hitachi EnergyRTU500RTU500 12.7.5unaffected
Hitachi EnergyRTU500RTU500 13.2.1 <= 13.2.5affected
Hitachi EnergyRTU500RTU500 13.2.6unaffected
Hitachi EnergyRTU500RTU500 13.3.1 <= 13.3.3affected
Hitachi EnergyRTU500RTU500 13.3.4unaffected
Hitachi EnergyRTU500RTU500 13.4.1affected
Hitachi EnergyRTU500RTU500 13.4.2unaffected
Hitachi EnergyTXpert Hub CoreTec 4CoreTec 4 version 2.0.*affected
Hitachi EnergyTXpert Hub CoreTec 4CoreTec 4 version 2.1.*affected
Hitachi EnergyTXpert Hub CoreTec 4CoreTec 4 version 2.2.*affected
Hitachi EnergyTXpert Hub CoreTec 4CoreTec 4 version 2.3.*affected
Hitachi EnergyTXpert Hub CoreTec 4CoreTec 4 version 2.4.*affected
Hitachi EnergyTXpert Hub CoreTec 4CoreTec 4 version 3.0.*affected
Hitachi EnergyTXpert Hub CoreTec 5CoreTec 5 version 3.0.*affected

Weaknesses

  • CWE-404: CWE-404 Improper Resource Shutdown or Release

Workarounds

Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References