CVE-2022-29492

{"id": "CVE-2022-29492", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-14T18:15:10.117", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en el manejo de un paquete TCP IEC 104 malformado en Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Al recibir un paquete TCP IEC 104 malformado, el paquete malformado es descartado, pero la conexi\u00f3n TCP es dejada abierta. Esto puede causar una denegaci\u00f3n de servicio si la conexi\u00f3n afectada es dejada abierta. Este problema afecta a: Hitachi Energy MicroSCADA Pro SYS600 versi\u00f3n 9.4 FP2 Hotfix 4 y versiones anteriores Hitachi Energy MicroSCADA X SYS600 versi\u00f3n 10 hasta 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_pro_sys600:9. 2:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_pro_sys600:9. 4:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10. 1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*:*"}], "lastModified": "2024-11-21T06:59:11.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD1BD113-3219-458A-82CC-2BCDF55B9A13", "versionEndExcluding": "10.4", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "42B6499F-D82D-4B02-BBEC-60B36FB0C678"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}