IronMonkey Threat Research

CVE-2022-1778 HIGH

Published: 2022-09-14 | Last Modified: 2024-11-21 | Status: Modified

Description

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600: reading a specific configuration file causes a buffer overflow that results in SYS600 failing to start. The configuration file can only be accessed with administrator access. This issue affects Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1.

cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Additional Descriptions (1)

An improper input validation vulnerability in Hitachi Energy MicroSCADA X SYS600, while a specific configuration file is being read, causes a buffer overflow that results in a failure to start SYS600. The configuration file can only be accessed with administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 through 10.3.1.

cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

CVSS Metrics

Base Score: 4.4 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 0.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary CWE-119 (en)
[email protected] Primary CWE-119 (en)

Affected Products

Vendor Product Version Update Type
hitachienergy microscada_x_sys600 * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*