IronMonkey Threat Research

CVE-2022-2277 HIGH

Published: 2022-09-14 | Last Modified: 2024-11-21 | Status: Modified

Description

An Improper Input Validation vulnerability in the ICCP stack of Hitachi Energy MicroSCADA X SYS600, present during ICCP communication establishment, causes a denial of service when the ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1:

cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Additional Descriptions (1)

An improper input validation vulnerability is present in the ICCP stack of Hitachi Energy MicroSCADA X SYS600 during ICCP communication establishment, causing a denial of service when the ICCP of SYS600 is requested to forward any data item update with timestamps too distant in the future to any remote ICCP system. By default, ICCP is neither configured nor enabled. This issue affects Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1:

cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary en CWE-1284
[email protected] Primary en CWE-1284

Affected Products

Vendor Product Version Update Type
hitachienergy microscada_x_sys600 * * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*