CVE-2022-1778

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-1778
Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000106&languageCode=en&Preview=true
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*
History

23 Sep 2024, 12:15

Type Values Removed Values Added
References
  • {'url': 'https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch', 'tags': ['Vendor Advisory'], 'source': 'cybersecurity@hitachienergy.com'}
  • () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000106&languageCode=en&Preview=true -
CWE CWE-20

27 Jun 2023, 15:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.4
CWE CWE-119
CPE cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*
References (CONFIRM) https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch - (CONFIRM) https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

14 Sep 2022, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-09-14 18:15

Updated : 2024-09-25 11:15

NVD link : CVE-2022-1778

Mitre link : CVE-2022-1778

CVE.ORG link : CVE-2022-1778

JSON object : View

Products Affected

hitachienergy

  • microscada_x_sys600
  • sys600
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer