Search criteria
14 vulnerabilities found for SDM600 by Hitachi Energy
CVE-2024-2378 (GCVE-0-2024-2378)
Vulnerability from cvelistv5 – Published: 2024-04-30 12:58 – Updated: 2024-08-01 19:11
VLAI?
Summary
A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Affected:
1.x , < 1.3.4
(custom)
Unaffected: 1.3.4.572 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdm600",
"vendor": "hitachienergy",
"versions": [
{
"lessThan": "1.3.4.572",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T13:54:30.399831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:26.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "1.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.3.4.572"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations."
}
],
"value": "A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T12:58:21.972Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2378",
"datePublished": "2024-04-30T12:58:21.972Z",
"dateReserved": "2024-03-11T14:06:13.544Z",
"dateUpdated": "2024-08-01T19:11:53.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2377 (GCVE-0-2024-2377)
Vulnerability from cvelistv5 – Published: 2024-04-30 12:55 – Updated: 2024-08-01 19:11
VLAI?
Summary
A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.
Severity ?
7.6 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Affected:
0 , < 1.3.4
(custom)
Unaffected: 1.3.4.572 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hitachienergy:sdm600:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdm600",
"vendor": "hitachienergy",
"versions": [
{
"lessThan": "1.3.4.572",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T14:38:02.963543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:39.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.3.4.572"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."
}
],
"value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T12:55:20.956Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2377",
"datePublished": "2024-04-30T12:55:20.956Z",
"dateReserved": "2024-03-11T14:03:45.510Z",
"dateUpdated": "2024-08-01T19:11:53.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3685 (GCVE-0-2022-3685)
Vulnerability from cvelistv5 – Published: 2023-03-28 13:00 – Updated: 2025-02-18 20:24
VLAI?
Title
SDM600 software privilege level
Summary
A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.
This issue affects: All SDM600 versions prior to version 1.3.0.
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*
Severity ?
7.5 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Affected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:24:38.574514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:24:50.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003eThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.3.0.\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*\u003cbr\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\nA vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.\n\n\n\nThis issue affects:\u00a0All SDM600 versions prior to version 1.3.0.\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285:Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T06:48:10.639Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 software privilege level",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3685",
"datePublished": "2023-03-28T13:00:13.800Z",
"dateReserved": "2022-10-26T06:03:12.473Z",
"dateUpdated": "2025-02-18T20:24:50.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3686 (GCVE-0-2022-3686)
Vulnerability from cvelistv5 – Published: 2023-03-28 12:57 – Updated: 2025-02-18 20:25
VLAI?
Title
SDM600 API permission check
Summary
A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
4.8 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:25:28.136869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:25:39.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in a SDM600 endpoint.\u003cbr\u003eAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\u003cbr\u003eThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A vulnerability exists in a SDM600 endpoint.\nAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285:Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T12:57:11.113Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 API permission check",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3686",
"datePublished": "2023-03-28T12:57:11.113Z",
"dateReserved": "2022-10-26T06:03:14.525Z",
"dateUpdated": "2025-02-18T20:25:39.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3684 (GCVE-0-2022-3684)
Vulnerability from cvelistv5 – Published: 2023-03-28 12:49 – Updated: 2025-02-19 15:27
VLAI?
Title
SDM600 endpoint vulnerability
Summary
A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
7.5 (High)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:27:14.520212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:27:23.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in a SDM600 endpoint.\u003cbr\u003eAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\u003cbr\u003eThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A vulnerability exists in a SDM600 endpoint.\nAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T12:49:36.714Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 endpoint vulnerability ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3684",
"datePublished": "2023-03-28T12:49:36.714Z",
"dateReserved": "2022-10-26T06:02:30.400Z",
"dateUpdated": "2025-02-19T15:27:23.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3683 (GCVE-0-2022-3683)
Vulnerability from cvelistv5 – Published: 2023-03-28 12:28 – Updated: 2025-02-18 20:28
VLAI?
Title
SDM600 API web services authorization validation
Summary
A vulnerability exists in the SDM600 API web services authorization validation implementation.
An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
7.7 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:28:19.621081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:28:27.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the SDM600 API web services authorization validation implementation. \u003cbr\u003eAn attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.\u003cbr\u003e\u003cbr\u003e\n\nThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in the SDM600 API web services authorization validation implementation. \nAn attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.\n\n\n\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T12:28:37.543Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 API web services authorization validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3683",
"datePublished": "2023-03-28T12:28:37.543Z",
"dateReserved": "2022-10-26T06:02:11.393Z",
"dateUpdated": "2025-02-18T20:28:27.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3682 (GCVE-0-2022-3682)
Vulnerability from cvelistv5 – Published: 2023-03-28 11:36 – Updated: 2025-02-18 19:34
VLAI?
Title
SDM600 file permission validation
Summary
A vulnerability exists in the SDM600 file permission validation.
An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
9.9 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0; , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T19:32:43.632377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:34:11.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0;",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the SDM600 file permission validation. \u003cbr\u003eAn attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.\u003cbr\u003e\u003cbr\u003e\n\nThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in the SDM600 file permission validation. \nAn attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.\n\n\n\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T11:36:37.421Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 file permission validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3682",
"datePublished": "2023-03-28T11:36:37.421Z",
"dateReserved": "2022-10-26T06:01:29.284Z",
"dateUpdated": "2025-02-18T19:34:11.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2378 (GCVE-0-2024-2378)
Vulnerability from nvd – Published: 2024-04-30 12:58 – Updated: 2024-08-01 19:11
VLAI?
Summary
A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Affected:
1.x , < 1.3.4
(custom)
Unaffected: 1.3.4.572 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdm600",
"vendor": "hitachienergy",
"versions": [
{
"lessThan": "1.3.4.572",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T13:54:30.399831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:26.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "1.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.3.4.572"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations."
}
],
"value": "A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T12:58:21.972Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2378",
"datePublished": "2024-04-30T12:58:21.972Z",
"dateReserved": "2024-03-11T14:06:13.544Z",
"dateUpdated": "2024-08-01T19:11:53.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2377 (GCVE-0-2024-2377)
Vulnerability from nvd – Published: 2024-04-30 12:55 – Updated: 2024-08-01 19:11
VLAI?
Summary
A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.
Severity ?
7.6 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Affected:
0 , < 1.3.4
(custom)
Unaffected: 1.3.4.572 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hitachienergy:sdm600:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdm600",
"vendor": "hitachienergy",
"versions": [
{
"lessThan": "1.3.4.572",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T14:38:02.963543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:39.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.3.4.572"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."
}
],
"value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T12:55:20.956Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2377",
"datePublished": "2024-04-30T12:55:20.956Z",
"dateReserved": "2024-03-11T14:03:45.510Z",
"dateUpdated": "2024-08-01T19:11:53.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3685 (GCVE-0-2022-3685)
Vulnerability from nvd – Published: 2023-03-28 13:00 – Updated: 2025-02-18 20:24
VLAI?
Title
SDM600 software privilege level
Summary
A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.
This issue affects: All SDM600 versions prior to version 1.3.0.
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*
Severity ?
7.5 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Affected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:24:38.574514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:24:50.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003eThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.3.0.\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*\u003cbr\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\nA vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.\n\n\n\nThis issue affects:\u00a0All SDM600 versions prior to version 1.3.0.\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285:Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T06:48:10.639Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 software privilege level",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3685",
"datePublished": "2023-03-28T13:00:13.800Z",
"dateReserved": "2022-10-26T06:03:12.473Z",
"dateUpdated": "2025-02-18T20:24:50.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3686 (GCVE-0-2022-3686)
Vulnerability from nvd – Published: 2023-03-28 12:57 – Updated: 2025-02-18 20:25
VLAI?
Title
SDM600 API permission check
Summary
A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
4.8 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:25:28.136869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:25:39.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in a SDM600 endpoint.\u003cbr\u003eAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\u003cbr\u003eThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A vulnerability exists in a SDM600 endpoint.\nAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285:Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T12:57:11.113Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 API permission check",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3686",
"datePublished": "2023-03-28T12:57:11.113Z",
"dateReserved": "2022-10-26T06:03:14.525Z",
"dateUpdated": "2025-02-18T20:25:39.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3684 (GCVE-0-2022-3684)
Vulnerability from nvd – Published: 2023-03-28 12:49 – Updated: 2025-02-19 15:27
VLAI?
Title
SDM600 endpoint vulnerability
Summary
A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
7.5 (High)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:27:14.520212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:27:23.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in a SDM600 endpoint.\u003cbr\u003eAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\u003cbr\u003eThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A vulnerability exists in a SDM600 endpoint.\nAn attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T12:49:36.714Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 endpoint vulnerability ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3684",
"datePublished": "2023-03-28T12:49:36.714Z",
"dateReserved": "2022-10-26T06:02:30.400Z",
"dateUpdated": "2025-02-19T15:27:23.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3683 (GCVE-0-2022-3683)
Vulnerability from nvd – Published: 2023-03-28 12:28 – Updated: 2025-02-18 20:28
VLAI?
Title
SDM600 API web services authorization validation
Summary
A vulnerability exists in the SDM600 API web services authorization validation implementation.
An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
7.7 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0 , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:28:19.621081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:28:27.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the SDM600 API web services authorization validation implementation. \u003cbr\u003eAn attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.\u003cbr\u003e\u003cbr\u003e\n\nThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in the SDM600 API web services authorization validation implementation. \nAn attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.\n\n\n\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T12:28:37.543Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 API web services authorization validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3683",
"datePublished": "2023-03-28T12:28:37.543Z",
"dateReserved": "2022-10-26T06:02:11.393Z",
"dateUpdated": "2025-02-18T20:28:27.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3682 (GCVE-0-2022-3682)
Vulnerability from nvd – Published: 2023-03-28 11:36 – Updated: 2025-02-18 19:34
VLAI?
Title
SDM600 file permission validation
Summary
A vulnerability exists in the SDM600 file permission validation.
An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
Severity ?
9.9 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | SDM600 |
Unaffected:
SDM600 1.3
Affected: SDM600 1.2 , ≤ SDM600 1.2.* (custom) Affected: SDM600 1.1 , ≤ SDM600 1.1.* (custom) Affected: SDM600 1.0; , ≤ SDM600 1.0.* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T19:32:43.632377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:34:11.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SDM600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "SDM600 1.3"
},
{
"lessThanOrEqual": "SDM600 1.2.*",
"status": "affected",
"version": "SDM600 1.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.1.*",
"status": "affected",
"version": "SDM600 1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "SDM600 1.0.*",
"status": "affected",
"version": "SDM600 1.0;",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the SDM600 file permission validation. \u003cbr\u003eAn attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.\u003cbr\u003e\u003cbr\u003e\n\nThis issue affects:\u0026nbsp;All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\u003cbr\u003e\u003cbr\u003e \n\nList of CPEs:\n\n\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in the SDM600 file permission validation. \nAn attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.\n\n\n\nThis issue affects:\u00a0All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)\n\n \n\nList of CPEs:\n\n\n * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T11:36:37.421Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\u003cbr\u003ePlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability is remediated in SDM600 1.3.0.1339.\nPlease update to SDM600 1.3.0.1339 version or apply mitigation as described in the Mitigation Factors/Workarounds Section.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SDM600 file permission validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"value": "Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3682",
"datePublished": "2023-03-28T11:36:37.421Z",
"dateReserved": "2022-10-26T06:01:29.284Z",
"dateUpdated": "2025-02-18T19:34:11.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}