All the vulnerabilites related to Hitachi Energy - TXpert Hub CoreTec 4
cve-2023-2625
Vulnerability from cvelistv5
Published
2023-06-28 16:15
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Hitachi Energy | TXpert Hub CoreTec 4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 4",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.0.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.1.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.2.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.3.*"
},
{
"status": "affected",
"version": "TXpert Hub CoreTec 4 version 2.4.*"
},
{
"status": "unaffected",
"version": "TXpert Hub CoreTec 4 version 3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system."
}
],
"value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-28T16:15:46.529Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in\u0026nbsp;TXpert Hub CoreTec 4 version 3.0.1."
}
],
"value": "The vulnerability is remediated in\u00a0TXpert Hub CoreTec 4 version 3.0.1."
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\u003cbr\u003e"
}
],
"value": "\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2023-2625",
"datePublished": "2023-06-28T16:15:46.529Z",
"dateReserved": "2023-05-10T10:31:57.900Z",
"dateUpdated": "2024-08-02T06:26:09.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3353
Vulnerability from cvelistv5
Published
2023-02-21 13:50
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOX61x TEGO1",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "tego1_r16a11"
},
{
"status": "affected",
"version": "tego1_r15b08"
},
{
"status": "affected",
"version": "tego1_r2a16_03"
},
{
"status": "affected",
"version": "tego1_r2a16"
},
{
"status": "affected",
"version": "tego1_r1e01"
},
{
"status": "affected",
"version": "tego1_r1d02"
},
{
"status": "affected",
"version": "tego1_r1c07"
},
{
"status": "affected",
"version": "tego1_r1b02"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GMS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "GMS600 1.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ITT600 SA Explorer",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.5.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.5.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.6.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.6.0.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.7.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.7.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.8.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.3"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.4.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.5.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.5.4"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.1.0.4"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.1.0.5"
},
{
"status": "unaffected",
"version": "ITT600 SA Explorer 2.1.1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "SYS600 10"
},
{
"status": "affected",
"version": "SYS600 10.1"
},
{
"status": "affected",
"version": "SYS600 10.1.1"
},
{
"status": "affected",
"version": "SYS600 10.2"
},
{
"status": "affected",
"version": "SYS600 10.2.1"
},
{
"status": "affected",
"version": "SYS600 10.3"
},
{
"status": "affected",
"version": "SYS600 10.3.1"
},
{
"status": "affected",
"version": "SYS600 10.4"
},
{
"status": "unaffected",
"version": "SYS600 10.4.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MSM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "MSM 2.2.3;0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PWC600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "PWC600 1.0"
},
{
"status": "affected",
"version": "PWC600 1.1"
},
{
"status": "affected",
"version": "PWC600 1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REB500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "7.*",
"status": "affected",
"version": "REB500 7.0",
"versionType": "7.*"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "REB500 8.0",
"versionType": "8.*"
},
{
"status": "unaffected",
"version": "REB500 8.3.3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion\u00ae 670",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion 670 1.2"
},
{
"status": "affected",
"version": "Relion 670 2.0"
},
{
"status": "affected",
"version": "Relion 670 version 2.1"
},
{
"status": "affected",
"version": "Relion 670 2.2.0"
},
{
"status": "affected",
"version": "Relion 670 2.2.1"
},
{
"status": "affected",
"version": "Relion 670 2.2.2"
},
{
"status": "affected",
"version": "Relion 670 2.2.3"
},
{
"status": "affected",
"version": "Relion 670 2.2.4"
},
{
"status": "affected",
"version": "Relion 670 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion\u00ae 650",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion 650 1.1"
},
{
"status": "affected",
"version": "Relion 650 1.3"
},
{
"status": "affected",
"version": "Relion 650 2.1"
},
{
"status": "affected",
"version": "Relion 650 2.2.0"
},
{
"status": "affected",
"version": "Relion 650 2.2.1"
},
{
"status": "affected",
"version": "Relion 650 2.2.2"
},
{
"status": "affected",
"version": "Relion 650 2.2.3"
},
{
"status": "affected",
"version": "Relion 650 2.2.4"
},
{
"status": "affected",
"version": "Relion 650 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM600-IO",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion SAM600-IO 2.2.1"
},
{
"status": "affected",
"version": "Relion SAM600-IO 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RTU500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "12.0.14",
"status": "affected",
"version": "RTU500 12.0.1",
"versionType": "12.0.14"
},
{
"status": "unaffected",
"version": "RTU500 12.0.15"
},
{
"lessThanOrEqual": "12.2.11",
"status": "affected",
"version": "RTU500 12.2.1",
"versionType": "12.2.11"
},
{
"status": "unaffected",
"version": "RTU500 12.2.12"
},
{
"lessThanOrEqual": "12.4.11",
"status": "affected",
"version": "RTU500 12.4.1",
"versionType": "12.4.11"
},
{
"status": "unaffected",
"version": "RTU500 12.4.12"
},
{
"lessThanOrEqual": "12.6.8",
"status": "affected",
"version": "RTU500 12.6.1",
"versionType": "12.6.8"
},
{
"status": "unaffected",
"version": "RTU500 12.6.9"
},
{
"lessThanOrEqual": "12.7.4",
"status": "affected",
"version": "RTU500 12.7.1",
"versionType": "12.7.4"
},
{
"status": "unaffected",
"version": "RTU500 12.7.5"
},
{
"lessThanOrEqual": "13.2.5",
"status": "affected",
"version": "RTU500 13.2.1",
"versionType": "13.2.5"
},
{
"status": "unaffected",
"version": "RTU500 13.2.6"
},
{
"lessThanOrEqual": "13.3.3",
"status": "affected",
"version": "RTU500 13.3.1",
"versionType": "13.3.3"
},
{
"status": "unaffected",
"version": "RTU500 13.3.4"
},
{
"status": "affected",
"version": "RTU500 13.4.1"
},
{
"status": "unaffected",
"version": "RTU500 13.4.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 4",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "CoreTec 4 version 2.0.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.1.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.2.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.3.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.4.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 3.0.*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 5",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "CoreTec 5 version 3.0.*"
}
]
}
],
"datePublic": "2023-02-14T13:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cdiv\u003e\u003cp\u003eA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAlready existing/established client-server connections are not affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eList of affected CPEs:\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "\n\n\nA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u00a0\n\nAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u00a0\n\n\n\n\nAlready existing/established client-server connections are not affected.\n\n\n\n\n\nList of affected CPEs:\n\n\n\n\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-21T14:09:25.358Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpgrade the system once remediated version is available.\n\n\n\u003cbr\u003e"
}
],
"value": "\nUpgrade the system once remediated version is available.\n\n\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nRecommended security practices and firewall configurations can help protect a process control network from \nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and \nare separated from other networks by means of a firewall system that has a minimal number of ports exposed, \nand others that have to be evaluated case by case. Process control systems should not be used for Internet \nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be \ncarefully scanned for viruses before they are connected to a control system.\n\n\u003cbr\u003e"
}
],
"value": "\nRecommended security practices and firewall configurations can help protect a process control network from \nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and \nare separated from other networks by means of a firewall system that has a minimal number of ports exposed, \nand others that have to be evaluated case by case. Process control systems should not be used for Internet \nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be \ncarefully scanned for viruses before they are connected to a control system.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3353",
"datePublished": "2023-02-21T13:50:46.145Z",
"dateReserved": "2022-09-28T12:22:08.645Z",
"dateUpdated": "2024-08-03T01:07:06.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}