CVE-2022-1778

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-1778
Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000106&languageCode=en&Preview=true
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:41

Type Values Removed Values Added
References
  • () https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch -
CVSS v2 : unknown
v3 : 4.4 		v2 : unknown
v3 : 7.5

23 Sep 2024, 12:15

Type Values Removed Values Added
CWE CWE-20
References
  • {'url': 'https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch', 'tags': ['Vendor Advisory'], 'source': 'cybersecurity@hitachienergy.com'}
  • () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000106&languageCode=en&Preview=true -

27 Jun 2023, 15:47

Type Values Removed Values Added
CWE CWE-120 CWE-119
Information

Published : 2022-09-14 18:15

Updated : 2024-11-21 06:41

NVD link : CVE-2022-1778

Mitre link : CVE-2022-1778

CVE.ORG link : CVE-2022-1778

JSON object : View

Products Affected

hitachienergy

  • sys600
  • microscada_x_sys600
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer