CVE-2022-3353
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.
An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.
Already existing/established client-server connections are not affected.
List of affected CPEs:
- cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:::::::*
- cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:::::::*
- cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:::::::*
- cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:::::::*
- cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:::::::*
- cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:::::::*
- cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:::::::*
- cpe:2.3:a:hitachienergy:gms600:1.3.0:::::::*
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.:::::::
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.:::::::
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:::::::*
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:::::::*
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:::::::*
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:::::::*
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:::::::*
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.:::::::
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:::::::*
- cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:::::::*
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::*
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10.:::::::
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::*
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::*
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::*
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:::::::*
- cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:::::::*
- cpe:2.3:a:hitachienergy:mms:2.2.3:::::::*
- cpe:2.3:a:hitachienergy:pwc600:1.0:::::::*
- cpe:2.3:a:hitachienergy:pwc600:1.1:::::::*
- cpe:2.3:a:hitachienergy:pwc600:1.2:::::::*
- cpe:2.3:o:hitachienergy:reb500:7::::::::
- cpe:2.3:o:hitachienergy:reb500:8:::::::*
- cpe:2.3:o:hitachienergy:relion670:1.2.:::::::
- cpe:2.3:o:hitachienergy:relion670:2.0.:::::::
- cpe:2.3:o:hitachienergy:relion650:1.1.:::::::
- cpe:2.3:o:hitachienergy:relion650:1.3.:::::::
- cpe:2.3:o:hitachienergy:relion650:2.1.:::::::
- cpe:2.3:o:hitachienergy:relion670:2.1.:::::::
- cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:::::::*
- cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:::::::*
- cpe:2.3:o:hitachienergy:relion670:2.2.:::::::
- cpe:2.3:o:hitachienergy:relion650:2.2.:::::::
- cpe:2.3:o:hitachienergy:rtu500cmu:12..:::::::*
- cpe:2.3:a:hitachienergy:rtu500cmu:13..:::::::*
- cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.:::::::
- cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:::::::*
- cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:::::::*
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | FOX61x TEGO1 | tego1_r16a11 | unaffected |
| Hitachi Energy | FOX61x TEGO1 | tego1_r15b08 | affected |
| Hitachi Energy | FOX61x TEGO1 | tego1_r2a16_03 | affected |
| Hitachi Energy | FOX61x TEGO1 | tego1_r2a16 | affected |
| Hitachi Energy | FOX61x TEGO1 | tego1_r1e01 | affected |
| Hitachi Energy | FOX61x TEGO1 | tego1_r1d02 | affected |
| Hitachi Energy | FOX61x TEGO1 | tego1_r1c07 | affected |
| Hitachi Energy | FOX61x TEGO1 | tego1_r1b02 | affected |
| Hitachi Energy | GMS600 | GMS600 1.3 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.1.0 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.1.1 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.1.2 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.5.0 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.5.1 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.6.0 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.6.0.1 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.7.0 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.7.2 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 1.8.0 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.0.1 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.0.2 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.0.3 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.0.4.1 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.0.5.0 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.0.5.4 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.1.0.4 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.1.0.5 | affected |
| Hitachi Energy | ITT600 SA Explorer | ITT600 SA Explorer 2.1.1.2 | unaffected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.1.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.2 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.2.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.3 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.3.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.4 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | SYS600 10.4.1 | unaffected |
| Hitachi Energy | MSM | MSM 2.2.3;0 | affected |
| Hitachi Energy | PWC600 | PWC600 1.0 | affected |
| Hitachi Energy | PWC600 | PWC600 1.1 | affected |
| Hitachi Energy | PWC600 | PWC600 1.2 | affected |
| Hitachi Energy | REB500 | REB500 7.0 < 7.* | affected |
| Hitachi Energy | REB500 | REB500 8.0 < 8.* | affected |
| Hitachi Energy | REB500 | REB500 8.3.3.0 | unaffected |
| Hitachi Energy | Relion® 670 | Relion 670 1.2 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 2.0 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 version 2.1 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 2.2.0 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 2.2.1 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 2.2.2 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 2.2.3 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 2.2.4 | affected |
| Hitachi Energy | Relion® 670 | Relion 670 2.2.5 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 1.1 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 1.3 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 2.1 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 2.2.0 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 2.2.1 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 2.2.2 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 2.2.3 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 2.2.4 | affected |
| Hitachi Energy | Relion® 650 | Relion 650 2.2.5 | affected |
| Hitachi Energy | SAM600-IO | Relion SAM600-IO 2.2.1 | affected |
| Hitachi Energy | SAM600-IO | Relion SAM600-IO 2.2.5 | affected |
| Hitachi Energy | RTU500 | RTU500 12.0.1 <= 12.0.14 | affected |
| Hitachi Energy | RTU500 | RTU500 12.0.15 | unaffected |
| Hitachi Energy | RTU500 | RTU500 12.2.1 <= 12.2.11 | affected |
| Hitachi Energy | RTU500 | RTU500 12.2.12 | unaffected |
| Hitachi Energy | RTU500 | RTU500 12.4.1 <= 12.4.11 | affected |
| Hitachi Energy | RTU500 | RTU500 12.4.12 | unaffected |
| Hitachi Energy | RTU500 | RTU500 12.6.1 <= 12.6.8 | affected |
| Hitachi Energy | RTU500 | RTU500 12.6.9 | unaffected |
| Hitachi Energy | RTU500 | RTU500 12.7.1 <= 12.7.4 | affected |
| Hitachi Energy | RTU500 | RTU500 12.7.5 | unaffected |
| Hitachi Energy | RTU500 | RTU500 13.2.1 <= 13.2.5 | affected |
| Hitachi Energy | RTU500 | RTU500 13.2.6 | unaffected |
| Hitachi Energy | RTU500 | RTU500 13.3.1 <= 13.3.3 | affected |
| Hitachi Energy | RTU500 | RTU500 13.3.4 | unaffected |
| Hitachi Energy | RTU500 | RTU500 13.4.1 | affected |
| Hitachi Energy | RTU500 | RTU500 13.4.2 | unaffected |
| Hitachi Energy | TXpert Hub CoreTec 4 | CoreTec 4 version 2.0.* | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 | CoreTec 4 version 2.1.* | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 | CoreTec 4 version 2.2.* | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 | CoreTec 4 version 2.3.* | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 | CoreTec 4 version 2.4.* | affected |
| Hitachi Energy | TXpert Hub CoreTec 4 | CoreTec 4 version 3.0.* | affected |
| Hitachi Energy | TXpert Hub CoreTec 5 | CoreTec 5 version 3.0.* | affected |
Weaknesses
- CWE-404: CWE-404 Improper Resource Shutdown or Release
Workarounds
Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
ADP Enrichment
CVE Program Container
Additional References
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=en&DocumentPartId=&Action=Launch
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=en&DocumentPartId=&Action=Launch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.