Vulnerabilites related to hitachienergy - modular_switchgear_monitoring_firmware
Vulnerability from fkie_nvd
Published
2021-06-14 22:15
Modified
2024-11-21 05:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00D11467-7696-4FDB-B8DD-F2917157668B",
"versionEndExcluding": "1.2.3.20",
"versionStartIncluding": "1.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28590C3A-A815-49A1-A829-520EACB98419",
"versionEndExcluding": "2.0.0.13",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DA2128-1DAC-4A6C-B603-C378BE6FB913",
"versionEndExcluding": "2.2.0.13",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640A3E39-8ACD-4239-A4F4-C56D9EC552F5",
"versionEndExcluding": "2.2.1.6",
"versionStartIncluding": "2.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B4A6B2-D92C-4BB9-BFB8-9211B90EB46F",
"versionEndExcluding": "2.2.2.3",
"versionStartIncluding": "2.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16220A2-64E7-4203-9CCB-5D4F6BFD82CD",
"versionEndExcluding": "2.2.3.2",
"versionStartIncluding": "2.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E90A092F-3851-4255-8671-C4DFD2C98515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F147EE7-0312-4BA6-ABAB-31CCFCA5AA75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA98332-543F-48A7-B63C-B39F679D47F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D91C6882-0A32-4262-8AD1-9FF6CD394C73",
"versionEndExcluding": "1.3.0.7",
"versionStartIncluding": "1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBA7C4BD-7161-4D15-AD98-23E12AC3C9A0",
"versionEndExcluding": "2.2.0.13",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55FB92E-DCA9-494E-8A9F-E15338C1BBF8",
"versionEndExcluding": "2.2.1.6",
"versionStartIncluding": "2.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC40F16C-2EE1-4AEE-BF48-793EFBECDACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01F1DA45-C118-4F65-B4F4-FD6A88441711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C01C39-A91C-437F-BAF9-7E578D703685",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C658029-20F4-411A-B1FE-B4E07D590775",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D898A4-F841-4B84-90DB-86DE309B873C",
"versionEndExcluding": "2.2.1.6",
"versionStartIncluding": "2.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E73E9D1A-1DFE-4B7C-81F1-0809071A3DDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "418011E9-2321-4441-B94F-D301BB2B8E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCBB24F-E33A-458C-82DC-38C94396E154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B26BAAA-1B1D-4044-ABEA-D3EF94CE000D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05421226-9147-40AF-8745-58F797EB35CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9BEC4B-E339-44AE-9965-801E20F19D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA3F33A-8787-4128-A790-685BCB272A82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE94252D-03EE-451B-8322-B4DBC790C6E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE12CFF-2C17-45CB-A022-12D47A3FB329",
"versionEndExcluding": "7.60.19",
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273FD4-AD73-47E3-A768-640380172C13",
"versionEndExcluding": "8.2.0.5",
"versionStartIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38B88E99-B0DB-4175-A2DE-7DC6FEA35493",
"versionEndIncluding": "8.3.1.0",
"versionStartIncluding": "8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:reb500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0325854D-52C2-4126-8805-638243FD708E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F035CC8-4942-4C58-A019-4010771B0DB7",
"versionEndExcluding": "r2a16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:fox615_tego1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE327A1-E89A-4A6F-87C7-D2EFF0433380",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:modular_switchgear_monitoring_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9152BE01-EF40-474D-9895-006C730791A1",
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:modular_switchgear_monitoring:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBD92D1-045F-44D8-99B1-12C28B0271F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:gms600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898A2A1A-0874-421B-B673-9DBDD1D00BAE",
"versionEndIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:gms600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB13E178-8C41-4FDB-89AE-23D0A9930B94",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBB5AAB-60E6-4A9E-A4B4-0B26ECA49340",
"versionEndExcluding": "1.0.1.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "955382CE-CDF8-4706-83AC-C4DC616F84E4",
"versionEndExcluding": "1.1.0.1",
"versionStartIncluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:pwc600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CBFF7D-3B2E-4FA5-9E0C-15B78AFC8165",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n inapropiada de la entrada en Hitachi ABB Power Grids Relion 670, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600, permite a un atacante con acceso a la red IEC 61850 que conozca c\u00f3mo reproducir el ataque, as\u00ed como las direcciones IP de los diferentes puntos de acceso IEC 61850 (de los IED/productos), pueda forzar el reinicio del dispositivo, lo que lo deja inoperativo durante aproximadamente 60 segundos. Esta vulnerabilidad afecta \u00fanicamente a los productos con interfaces IEC 61850. Este problema afecta a: Hitachi ABB Power Grids Relion 670 Series versiones 1.1; versiones 1.2.3 anteriores a 1.2.3.20; versiones 2.0 anteriores a 2.0.0.13; versiones 2.1; versiones 2.2.2 anteriores a 2.2.2.3; 2.2.3 anteriores a 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series versiones 2.2.0 anteriores a 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO versiones 2.2.1 anteriores a 2.2.1.6. Hitachi ABB Power Grids Relion 650 versiones 1.1; 1.2; versiones 1.3 anteriores a 1.3.0.7. Hitachi ABB Power Grids REB500 versiones 7.3; 7.4; versiones 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x versiones 7.x y versiones anteriores; versiones 8.x y versiones anteriores; versiones 9.x, 9.x y versiones anteriores; versiones 10.x .x y versiones anteriores; versiones 11.x y versiones anteriores; versiones 12.x y versiones anteriores. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 versiones R1D02 y anteriores. Hitachi ABB Power Grids MSM versiones 2.1.0 anteriores a 2.1.0. Hitachi ABB Power Grids GMS600 versiones 1.3.0, 1.3.0 y anteriores. Hitachi ABB Power Grids PWC600 versiones 1.0 anteriores a 1.0.1.4; versiones 1.1 anteriores a 1.1.0.1"
}
],
"id": "CVE-2021-27196",
"lastModified": "2024-11-21T05:57:32.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-14T22:15:11.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-21 14:15
Modified
2024-11-21 07:19
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.
An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.
Already existing/established client-server connections are not affected.
List of affected CPEs:
* cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:sys600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC57CAB3-20C9-44D6-8677-17DBAC8FF49F",
"versionEndIncluding": "10.3.1",
"versionStartIncluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42B6499F-D82D-4B02-BBEC-60B36FB0C678",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "469A34A6-EBE4-431C-A986-888BAF525E3C",
"versionEndIncluding": "12.0.14.0",
"versionStartIncluding": "12.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "497CA762-15EB-486D-BCC7-742A44F0DF9D",
"versionEndIncluding": "12.2.11.0",
"versionStartIncluding": "12.2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC749956-FA2D-4B16-8401-C015712A934C",
"versionEndIncluding": "12.4.11.0",
"versionStartIncluding": "12.4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D25273A-BBD5-4619-93C4-92A12F301088",
"versionEndIncluding": "12.6.8.0",
"versionStartIncluding": "12.6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F726C7-E635-4525-984D-6EADBAA09933",
"versionEndIncluding": "12.7.4.0",
"versionStartIncluding": "12.7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0F3E7E-B079-4488-BED6-E07BDE63C421",
"versionEndIncluding": "13.2.5.0",
"versionStartIncluding": "13.2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04CB998-0D74-4CD1-9F99-773103CB9979",
"versionEndIncluding": "13.3.3",
"versionStartIncluding": "13.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:13.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0763F03-C6C8-4104-9028-3CF265F289D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE94252D-03EE-451B-8322-B4DBC790C6E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "432FCDCF-03F2-4A0C-9ACA-73A012F43237",
"versionEndExcluding": "8.3.3",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:reb500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0325854D-52C2-4126-8805-638243FD708E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91984E74-C518-472A-ADCF-3BF61781111B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF326E7-792D-434C-9211-F6CEB8B8F1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7F2E89-2095-48F0-A8EA-0C13E10A9362",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:pwc600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CBFF7D-3B2E-4FA5-9E0C-15B78AFC8165",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:modular_switchgear_monitoring_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A31EE60F-F80D-40AF-A7C8-8EA462E48918",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:modular_switchgear_monitoring:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBD92D1-045F-44D8-99B1-12C28B0271F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23F810B7-E97C-4530-A0C5-789D55F4CAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "427E4F50-4077-4515-B2EA-BF57D5A7489C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E44F3FA-1450-4467-A509-6DA42057B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A67CF9CA-CDF6-4E87-A801-18B34D051A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E327F624-ABE5-408D-AC34-EEE71024B689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27E57915-8250-4544-9F5B-FD520BA72F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F13838-1555-4206-A4D1-9AFECBBAFD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C74028E3-6FD9-4EAE-BA31-CE1208096ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F86C507F-0E18-437C-A1A5-258825E78FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE52382-38FA-488F-851D-598AED0C8B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93C5044A-4AB4-40EF-976F-CDD16FA90F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2696FC-1C4C-4586-854C-7235ADD8376D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92B6B5B8-4E81-4450-94E6-CDFA26362A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "929384A7-474C-448D-9834-23562CDF2B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB26367-5B5D-4ED3-A103-204DBCF5CBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE69E47-37D7-4F0E-A759-BD54565DF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB8C856-A056-4D7F-8C5D-30A409BCD22C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "91685621-1937-4494-89AF-7AC1973A2ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5C50F4-CF04-4C13-868A-F7ECE49DE01B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "698AED51-5521-4D9C-B2FA-F3D8526D9FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E73E9D1A-1DFE-4B7C-81F1-0809071A3DDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC40F16C-2EE1-4AEE-BF48-793EFBECDACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82F2E748-7331-4B34-8474-A43A1220D208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C01C39-A91C-437F-BAF9-7E578D703685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA73DFC1-3953-48DB-BF8C-545BE5B7BFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A406AD0-38C5-4C32-AA88-AA45EE97C315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4E0311-0967-4AC9-B426-CAA0AF06855E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB22A258-06C5-48E5-BEF0-9324BD7D301A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48B56792-02FF-4E3E-B306-DC58FED37128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "22E5CD7F-CD9D-4E89-BF2F-944300121D11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C658029-20F4-411A-B1FE-B4E07D590775",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63925E29-DB8F-4568-AD16-41C84A9C8EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA499D5E-A693-454D-B28D-E5D2247D1196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F147EE7-0312-4BA6-ABAB-31CCFCA5AA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B91C1D5F-FE14-4121-A7C8-16F08D652610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A59F3E51-D3D5-4846-B8AA-6BAD4BCCCCE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E368A106-A236-4A42-8608-43F47EB4A2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D2A64B-F136-49B8-9AF8-F8057F9227E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2F0B80-070C-4610-862B-346994BFEC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06064F73-366D-48C6-AACE-DCFC2F1B8E0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA98332-543F-48A7-B63C-B39F679D47F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:gms600_firmware:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C54D374C-379B-4912-9330-30488C19F66C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:gms600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB13E178-8C41-4FDB-89AE-23D0A9930B94",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1b02:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B54A23-399B-4080-A15F-4C0CBA743E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1c07:*:*:*:*:*:*:*",
"matchCriteriaId": "8C94ED80-743F-455D-90A4-35FFE7710A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1d02:*:*:*:*:*:*:*",
"matchCriteriaId": "528BF8FA-44BD-40F0-8A60-D0AE659EBBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1e01:*:*:*:*:*:*:*",
"matchCriteriaId": "A16F36DD-FF97-42CE-BB19-B7AE4B15356D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r2b16:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7121E7-7B4E-4CA1-8021-66B324CA2D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r2b16_03:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAF5025-6B2A-44C3-99AF-FD10ADFF19B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r15b08:*:*:*:*:*:*:*",
"matchCriteriaId": "76644F1E-8664-4F70-9553-D773D1362E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:fox615_tego1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE327A1-E89A-4A6F-87C7-D2EFF0433380",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "419DB11F-2E9E-4E72-B6D4-FE34A4F0B9C6",
"versionEndIncluding": "3.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADE055E-8EE4-4CCE-9326-B70C101F0EF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_5_firmware:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811B1987-4966-477D-8900-55E522AAC4E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:txpert_hub_coretec_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0266D80-DE86-4BF0-BF39-91EF99C4802C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u00a0\n\nAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u00a0\n\n\n\n\nAlready existing/established client-server connections are not affected.\n\n\n\n\n\nList of affected CPEs:\n\n\n\n\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\n\n\n\n\n\n\n"
}
],
"id": "CVE-2022-3353",
"lastModified": "2024-11-21T07:19:21.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-21T14:15:13.463",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-25 15:15
Modified
2024-11-21 06:23
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | modular_switchgear_monitoring_firmware | * | |
| hitachienergy | modular_switchgear_monitoring | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:modular_switchgear_monitoring_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "105E197F-5BCD-445C-B20B-294619685EC5",
"versionEndIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:modular_switchgear_monitoring:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBD92D1-045F-44D8-99B1-12C28B0271F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user\u2019s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en la interfaz web http en la que \u00e9sta no comprueba los datos de un encabezado HTTP. Esto causa una posible divisi\u00f3n de la respuesta HTTP, que si es explotada podr\u00eda conllevar a un atacante a canalizar c\u00f3digo da\u00f1ino en el navegador web del usuario, como por ejemplo robar las cookies de sesi\u00f3n. As\u00ed, un atacante que consiga que un usuario de MSM que ya ha establecido una sesi\u00f3n en la interfaz web de MSM haga clic en un enlace falsificado a la interfaz web de MSM, por ejemplo, el enlace es enviado por correo electr\u00f3nico, podr\u00eda enga\u00f1ar al usuario para que descargue software malicioso en su ordenador. Este problema afecta a: Hitachi Energy MSM versiones V2.2 y versiones anteriores"
}
],
"id": "CVE-2021-40336",
"lastModified": "2024-11-21T06:23:53.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-25T15:15:09.247",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-113"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-25 15:15
Modified
2024-11-21 06:23
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | modular_switchgear_monitoring_firmware | * | |
| hitachienergy | modular_switchgear_monitoring | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:modular_switchgear_monitoring_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "105E197F-5BCD-445C-B20B-294619685EC5",
"versionEndIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:modular_switchgear_monitoring:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBD92D1-045F-44D8-99B1-12C28B0271F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en la interfaz web HTTP en la que la interfaz web no comprueba suficientemente si una petici\u00f3n bien formada, v\u00e1lida y coherente fue proporcionada intencionalmente por el usuario que envi\u00f3 la petici\u00f3n. Esto causa una vulnerabilidad de tipo Cross Site Request Forgery (CSRF), que si es explotada podr\u00eda conllevar a un atacante a obtener acceso no autorizado a la aplicaci\u00f3n web y llevar a cabo una operaci\u00f3n no deseada en ella sin el conocimiento del usuario leg\u00edtimo. Un atacante, que logra que un usuario de MSM que ya ha establecido una sesi\u00f3n con la interfaz web de MSM haga clic en un enlace falsificado a la interfaz web de MSM, por ejemplo, el enlace es enviado por correo electr\u00f3nico, podr\u00eda llevar a cabo un comando da\u00f1ino en MSM mediante su interfaz de servidor web. Este problema afecta a: Hitachi Energy MSM versiones V2.2 y versiones anteriores"
}
],
"id": "CVE-2021-40335",
"lastModified": "2024-11-21T06:23:53.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-25T15:15:09.173",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-40336 (GCVE-0-2021-40336)
Vulnerability from cvelistv5
Published
2022-07-25 14:34
Modified
2024-09-17 02:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Summary
A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | MSM |
Version: v2.2 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MSM",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "V2.2",
"status": "affected",
"version": "v2.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user\u2019s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:34:20",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTTP Response Splitting in Hitachi Energy\u2019s MSM Product",
"workarounds": [
{
"lang": "en",
"value": "Apply mitigation strategy as described in Mitigation Factors Section in the advisory."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-07-12T14:30:00.000Z",
"ID": "CVE-2021-40336",
"STATE": "PUBLIC",
"TITLE": "HTTP Response Splitting in Hitachi Energy\u2019s MSM Product"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MSM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v2.2",
"version_value": "V2.2"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user\u2019s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Apply mitigation strategy as described in Mitigation Factors Section in the advisory."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-40336",
"datePublished": "2022-07-25T14:34:20.375500Z",
"dateReserved": "2021-08-31T00:00:00",
"dateUpdated": "2024-09-17T02:58:14.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27196 (GCVE-0-2021-27196)
Vulnerability from cvelistv5
Published
2021-06-14 21:20
Modified
2024-09-17 03:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hitachi ABB Power Grids thanks the following for working with us to help protect customers: Markus Mahrla, GAI NetConsult GmbH and Lars Lengersdorf, Amprion GmbH"
}
],
"datePublic": "2021-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T21:20:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "Refer to the cybersecurity advisories at https://www.hitachiabb-powergrids.com/offering/solutions/cybersecurity/alerts-and-notifications"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Specially Crafted IEC 61850 Protocol Sequence Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2021-03-15T11:00:00.000Z",
"ID": "CVE-2021-27196",
"STATE": "PUBLIC",
"TITLE": "Specially Crafted IEC 61850 Protocol Sequence Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hitachi ABB Power Grids thanks the following for working with us to help protect customers: Markus Mahrla, GAI NetConsult GmbH and Lars Lengersdorf, Amprion GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "Refer to the cybersecurity advisories at https://www.hitachiabb-powergrids.com/offering/solutions/cybersecurity/alerts-and-notifications"
},
{
"lang": "en"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27196",
"datePublished": "2021-06-14T21:20:38.696789Z",
"dateReserved": "2021-02-12T00:00:00",
"dateUpdated": "2024-09-17T03:17:31.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40335 (GCVE-0-2021-40335)
Vulnerability from cvelistv5
Published
2022-07-25 14:32
Modified
2024-09-16 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | MSM |
Version: v2.2 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MSM",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "V2.2",
"status": "affected",
"version": "v2.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:32:14",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Cross Site Request Forgery (CSRF) in Hitachi Energy\u2019s MSM Product",
"workarounds": [
{
"lang": "en",
"value": "Apply mitigation strategy as described in Mitigation Factors Section in the advisory."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-07-12T14:30:00.000Z",
"ID": "CVE-2021-40335",
"STATE": "PUBLIC",
"TITLE": "Cross Site Request Forgery (CSRF) in Hitachi Energy\u2019s MSM Product"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MSM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v2.2",
"version_value": "V2.2"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Apply mitigation strategy as described in Mitigation Factors Section in the advisory."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-40335",
"datePublished": "2022-07-25T14:32:14.467555Z",
"dateReserved": "2021-08-31T00:00:00",
"dateUpdated": "2024-09-16T23:40:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3353 (GCVE-0-2022-3353)
Vulnerability from cvelistv5
Published
2023-02-21 13:50
Modified
2025-03-12 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-404 - Improper Resource Shutdown or Release
Summary
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.
An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.
Already existing/established client-server connections are not affected.
List of affected CPEs:
* cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Hitachi Energy | FOX61x TEGO1 |
Version: tego1_r15b08 Version: tego1_r2a16_03 Version: tego1_r2a16 Version: tego1_r1e01 Version: tego1_r1d02 Version: tego1_r1c07 Version: tego1_r1b02 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:16:44.962103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:17:11.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOX61x TEGO1",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "tego1_r16a11"
},
{
"status": "affected",
"version": "tego1_r15b08"
},
{
"status": "affected",
"version": "tego1_r2a16_03"
},
{
"status": "affected",
"version": "tego1_r2a16"
},
{
"status": "affected",
"version": "tego1_r1e01"
},
{
"status": "affected",
"version": "tego1_r1d02"
},
{
"status": "affected",
"version": "tego1_r1c07"
},
{
"status": "affected",
"version": "tego1_r1b02"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GMS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "GMS600 1.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ITT600 SA Explorer",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.5.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.5.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.6.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.6.0.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.7.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.7.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.8.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.3"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.4.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.5.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.5.4"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.1.0.4"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.1.0.5"
},
{
"status": "unaffected",
"version": "ITT600 SA Explorer 2.1.1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "SYS600 10"
},
{
"status": "affected",
"version": "SYS600 10.1"
},
{
"status": "affected",
"version": "SYS600 10.1.1"
},
{
"status": "affected",
"version": "SYS600 10.2"
},
{
"status": "affected",
"version": "SYS600 10.2.1"
},
{
"status": "affected",
"version": "SYS600 10.3"
},
{
"status": "affected",
"version": "SYS600 10.3.1"
},
{
"status": "affected",
"version": "SYS600 10.4"
},
{
"status": "unaffected",
"version": "SYS600 10.4.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MSM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "MSM 2.2.3;0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PWC600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "PWC600 1.0"
},
{
"status": "affected",
"version": "PWC600 1.1"
},
{
"status": "affected",
"version": "PWC600 1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REB500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "7.*",
"status": "affected",
"version": "REB500 7.0",
"versionType": "7.*"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "REB500 8.0",
"versionType": "8.*"
},
{
"status": "unaffected",
"version": "REB500 8.3.3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion\u00ae 670",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion 670 1.2"
},
{
"status": "affected",
"version": "Relion 670 2.0"
},
{
"status": "affected",
"version": "Relion 670 version 2.1"
},
{
"status": "affected",
"version": "Relion 670 2.2.0"
},
{
"status": "affected",
"version": "Relion 670 2.2.1"
},
{
"status": "affected",
"version": "Relion 670 2.2.2"
},
{
"status": "affected",
"version": "Relion 670 2.2.3"
},
{
"status": "affected",
"version": "Relion 670 2.2.4"
},
{
"status": "affected",
"version": "Relion 670 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion\u00ae 650",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion 650 1.1"
},
{
"status": "affected",
"version": "Relion 650 1.3"
},
{
"status": "affected",
"version": "Relion 650 2.1"
},
{
"status": "affected",
"version": "Relion 650 2.2.0"
},
{
"status": "affected",
"version": "Relion 650 2.2.1"
},
{
"status": "affected",
"version": "Relion 650 2.2.2"
},
{
"status": "affected",
"version": "Relion 650 2.2.3"
},
{
"status": "affected",
"version": "Relion 650 2.2.4"
},
{
"status": "affected",
"version": "Relion 650 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM600-IO",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion SAM600-IO 2.2.1"
},
{
"status": "affected",
"version": "Relion SAM600-IO 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RTU500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "12.0.14",
"status": "affected",
"version": "RTU500 12.0.1",
"versionType": "12.0.14"
},
{
"status": "unaffected",
"version": "RTU500 12.0.15"
},
{
"lessThanOrEqual": "12.2.11",
"status": "affected",
"version": "RTU500 12.2.1",
"versionType": "12.2.11"
},
{
"status": "unaffected",
"version": "RTU500 12.2.12"
},
{
"lessThanOrEqual": "12.4.11",
"status": "affected",
"version": "RTU500 12.4.1",
"versionType": "12.4.11"
},
{
"status": "unaffected",
"version": "RTU500 12.4.12"
},
{
"lessThanOrEqual": "12.6.8",
"status": "affected",
"version": "RTU500 12.6.1",
"versionType": "12.6.8"
},
{
"status": "unaffected",
"version": "RTU500 12.6.9"
},
{
"lessThanOrEqual": "12.7.4",
"status": "affected",
"version": "RTU500 12.7.1",
"versionType": "12.7.4"
},
{
"status": "unaffected",
"version": "RTU500 12.7.5"
},
{
"lessThanOrEqual": "13.2.5",
"status": "affected",
"version": "RTU500 13.2.1",
"versionType": "13.2.5"
},
{
"status": "unaffected",
"version": "RTU500 13.2.6"
},
{
"lessThanOrEqual": "13.3.3",
"status": "affected",
"version": "RTU500 13.3.1",
"versionType": "13.3.3"
},
{
"status": "unaffected",
"version": "RTU500 13.3.4"
},
{
"status": "affected",
"version": "RTU500 13.4.1"
},
{
"status": "unaffected",
"version": "RTU500 13.4.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 4",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "CoreTec 4 version 2.0.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.1.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.2.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.3.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.4.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 3.0.*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 5",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "CoreTec 5 version 3.0.*"
}
]
}
],
"datePublic": "2023-02-14T13:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cdiv\u003e\u003cp\u003eA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAlready existing/established client-server connections are not affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eList of affected CPEs:\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "\n\n\nA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u00a0\n\nAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u00a0\n\n\n\n\nAlready existing/established client-server connections are not affected.\n\n\n\n\n\nList of affected CPEs:\n\n\n\n\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-21T14:09:25.358Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpgrade the system once remediated version is available.\n\n\n\u003cbr\u003e"
}
],
"value": "\nUpgrade the system once remediated version is available.\n\n\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nRecommended security practices and firewall configurations can help protect a process control network from \nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and \nare separated from other networks by means of a firewall system that has a minimal number of ports exposed, \nand others that have to be evaluated case by case. Process control systems should not be used for Internet \nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be \ncarefully scanned for viruses before they are connected to a control system.\n\n\u003cbr\u003e"
}
],
"value": "\nRecommended security practices and firewall configurations can help protect a process control network from \nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and \nare separated from other networks by means of a firewall system that has a minimal number of ports exposed, \nand others that have to be evaluated case by case. Process control systems should not be used for Internet \nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be \ncarefully scanned for viruses before they are connected to a control system.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3353",
"datePublished": "2023-02-21T13:50:46.145Z",
"dateReserved": "2022-09-28T12:22:08.645Z",
"dateUpdated": "2025-03-12T15:17:11.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}