CVE-2022-3864
4.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | Relion 670/650/SAM600-IO Series | Relion 670/650 series version 2.2.0 all revisions | affected |
| Hitachi Energy | Relion 670/650/SAM600-IO Series | Relion 670/650/SAM600-IO series version 2.2.1 all revisions | affected |
| Hitachi Energy | Relion 670/650/SAM600-IO Series | Relion 670 series version 2.2.2 all revisions | affected |
| Hitachi Energy | Relion 670/650/SAM600-IO Series | Relion 670 series version 2.2.3 all revisions | affected |
| Hitachi Energy | Relion 670/650/SAM600-IO Series | Relion 670/650 series version 2.2.4 all revisions | affected |
| Hitachi Energy | Relion 670/650/SAM600-IO Series | Relion 670/650 series version 2.2.5 all revisions | affected |
Weaknesses
- CWE-347: CWE-347 Improper Verification of Cryptographic Signature
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.