CVE-2022-3682
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
- cpe:2.3:a:hitachienergy:sdm600:1.0:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.1:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::*
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | SDM600 | SDM600 1.3 | unaffected |
| Hitachi Energy | SDM600 | SDM600 1.2 <= SDM600 1.2.* | affected |
| Hitachi Energy | SDM600 | SDM600 1.1 <= SDM600 1.1.* | affected |
| Hitachi Energy | SDM600 | SDM600 1.0; <= SDM600 1.0.* | affected |
Weaknesses
- CWE-434: CWE-434
Workarounds
Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.