CVE-2022-3684
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
- cpe:2.3:a:hitachienergy:sdm600:1.0:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.1:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::*
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | SDM600 | SDM600 1.3 | unaffected |
| Hitachi Energy | SDM600 | SDM600 1.2 <= SDM600 1.2.* | affected |
| Hitachi Energy | SDM600 | SDM600 1.1 <= SDM600 1.1.* | affected |
| Hitachi Energy | SDM600 | SDM600 1.0 <= SDM600 1.0.* | affected |
Weaknesses
- CWE-404: CWE-404 Improper Resource Shutdown or Release
Workarounds
Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.