Vulnerabilites related to hitachienergy - txpert_hub_coretec_4_firmware
CVE-2021-35531 (GCVE-0-2021-35531)
Vulnerability from cvelistv5
Published
2022-06-07 20:07
Modified
2024-09-16 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | TXpert Hub CoreTec 4 version |
Version: 2.0.0 Version: 2.0.1 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.3 Version: 2.2.0 Version: 2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TXpert Hub CoreTec 4 version",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.1.3"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T20:07:37",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution in TXpert Hub CoreTec 4",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-05-10T10:00:00.000Z",
"ID": "CVE-2021-35531",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution in TXpert Hub CoreTec 4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TXpert Hub CoreTec 4 version",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_name": "2.0.1",
"version_value": "2.0.1"
},
{
"version_affected": "=",
"version_name": "2.1.0",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_name": "2.1.1",
"version_value": "2.1.1"
},
{
"version_affected": "=",
"version_name": "2.1.2",
"version_value": "2.1.2"
},
{
"version_affected": "=",
"version_name": "2.1.3",
"version_value": "2.1.3"
},
{
"version_affected": "=",
"version_name": "2.2.0",
"version_value": "2.2.0"
},
{
"version_affected": "=",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-35531",
"datePublished": "2022-06-07T20:07:37.055446Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T16:12:33.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35532 (GCVE-0-2021-35532)
Vulnerability from cvelistv5
Published
2022-06-07 20:04
Modified
2024-09-16 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Summary
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | TXpert Hub CoreTec 4 version |
Version: 2.0.0 Version: 2.0.1 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.3 Version: 2.2.0 Version: 2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TXpert Hub CoreTec 4 version",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.1.3"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T20:04:14",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Firmware upload verification bypass in TXpert Hub CoreTec 4",
"workarounds": [
{
"lang": "en",
"value": "To reduce risk of exploitation, please apply the recommended mitigation as described in the advisory Section Mitigation Factors/Workarounds."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-05-10T10:00:00.000Z",
"ID": "CVE-2021-35532",
"STATE": "PUBLIC",
"TITLE": "Firmware upload verification bypass in TXpert Hub CoreTec 4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TXpert Hub CoreTec 4 version",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_name": "2.0.1",
"version_value": "2.0.1"
},
{
"version_affected": "=",
"version_name": "2.1.0",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_name": "2.1.1",
"version_value": "2.1.1"
},
{
"version_affected": "=",
"version_name": "2.1.2",
"version_value": "2.1.2"
},
{
"version_affected": "=",
"version_name": "2.1.3",
"version_value": "2.1.3"
},
{
"version_affected": "=",
"version_name": "2.2.0",
"version_value": "2.2.0"
},
{
"version_affected": "=",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "To reduce risk of exploitation, please apply the recommended mitigation as described in the advisory Section Mitigation Factors/Workarounds."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-35532",
"datePublished": "2022-06-07T20:04:14.525785Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T22:30:08.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35530 (GCVE-0-2021-35530)
Vulnerability from cvelistv5
Published
2022-06-07 20:17
Modified
2024-09-16 23:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | TXpert Hub CoreTec 4 version |
Version: 2.0.0 Version: 2.0.1 Version: 2.1.0 Version: 2.1.1 Version: 2.1.2 Version: 2.1.3 Version: 2.2.0 Version: 2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TXpert Hub CoreTec 4 version",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.1.3"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the application authentication and authorization mechanism in Hitachi Energy\u0027s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T20:17:07",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "User authentication bypass in TXpert Hub CoreTec 4",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-05-10T10:00:00.000Z",
"ID": "CVE-2021-35530",
"STATE": "PUBLIC",
"TITLE": "User authentication bypass in TXpert Hub CoreTec 4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TXpert Hub CoreTec 4 version",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_name": "2.0.1",
"version_value": "2.0.1"
},
{
"version_affected": "=",
"version_name": "2.1.0",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_name": "2.1.1",
"version_value": "2.1.1"
},
{
"version_affected": "=",
"version_name": "2.1.2",
"version_value": "2.1.2"
},
{
"version_affected": "=",
"version_name": "2.1.3",
"version_value": "2.1.3"
},
{
"version_affected": "=",
"version_name": "2.2.0",
"version_value": "2.2.0"
},
{
"version_affected": "=",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the application authentication and authorization mechanism in Hitachi Energy\u0027s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-35530",
"datePublished": "2022-06-07T20:17:07.848239Z",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-16T23:26:19.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3353 (GCVE-0-2022-3353)
Vulnerability from cvelistv5
Published
2023-02-21 13:50
Modified
2025-03-12 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-404 - Improper Resource Shutdown or Release
Summary
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.
An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.
Already existing/established client-server connections are not affected.
List of affected CPEs:
* cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Hitachi Energy | FOX61x TEGO1 |
Version: tego1_r15b08 Version: tego1_r2a16_03 Version: tego1_r2a16 Version: tego1_r1e01 Version: tego1_r1d02 Version: tego1_r1c07 Version: tego1_r1b02 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:16:44.962103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:17:11.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOX61x TEGO1",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "tego1_r16a11"
},
{
"status": "affected",
"version": "tego1_r15b08"
},
{
"status": "affected",
"version": "tego1_r2a16_03"
},
{
"status": "affected",
"version": "tego1_r2a16"
},
{
"status": "affected",
"version": "tego1_r1e01"
},
{
"status": "affected",
"version": "tego1_r1d02"
},
{
"status": "affected",
"version": "tego1_r1c07"
},
{
"status": "affected",
"version": "tego1_r1b02"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GMS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "GMS600 1.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ITT600 SA Explorer",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.1.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.5.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.5.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.6.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.6.0.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.7.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.7.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 1.8.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.2"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.3"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.4.1"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.5.0"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.0.5.4"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.1.0.4"
},
{
"status": "affected",
"version": "ITT600 SA Explorer 2.1.0.5"
},
{
"status": "unaffected",
"version": "ITT600 SA Explorer 2.1.1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "SYS600 10"
},
{
"status": "affected",
"version": "SYS600 10.1"
},
{
"status": "affected",
"version": "SYS600 10.1.1"
},
{
"status": "affected",
"version": "SYS600 10.2"
},
{
"status": "affected",
"version": "SYS600 10.2.1"
},
{
"status": "affected",
"version": "SYS600 10.3"
},
{
"status": "affected",
"version": "SYS600 10.3.1"
},
{
"status": "affected",
"version": "SYS600 10.4"
},
{
"status": "unaffected",
"version": "SYS600 10.4.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MSM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "MSM 2.2.3;0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PWC600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "PWC600 1.0"
},
{
"status": "affected",
"version": "PWC600 1.1"
},
{
"status": "affected",
"version": "PWC600 1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REB500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "7.*",
"status": "affected",
"version": "REB500 7.0",
"versionType": "7.*"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "REB500 8.0",
"versionType": "8.*"
},
{
"status": "unaffected",
"version": "REB500 8.3.3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion\u00ae 670",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion 670 1.2"
},
{
"status": "affected",
"version": "Relion 670 2.0"
},
{
"status": "affected",
"version": "Relion 670 version 2.1"
},
{
"status": "affected",
"version": "Relion 670 2.2.0"
},
{
"status": "affected",
"version": "Relion 670 2.2.1"
},
{
"status": "affected",
"version": "Relion 670 2.2.2"
},
{
"status": "affected",
"version": "Relion 670 2.2.3"
},
{
"status": "affected",
"version": "Relion 670 2.2.4"
},
{
"status": "affected",
"version": "Relion 670 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Relion\u00ae 650",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion 650 1.1"
},
{
"status": "affected",
"version": "Relion 650 1.3"
},
{
"status": "affected",
"version": "Relion 650 2.1"
},
{
"status": "affected",
"version": "Relion 650 2.2.0"
},
{
"status": "affected",
"version": "Relion 650 2.2.1"
},
{
"status": "affected",
"version": "Relion 650 2.2.2"
},
{
"status": "affected",
"version": "Relion 650 2.2.3"
},
{
"status": "affected",
"version": "Relion 650 2.2.4"
},
{
"status": "affected",
"version": "Relion 650 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM600-IO",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "Relion SAM600-IO 2.2.1"
},
{
"status": "affected",
"version": "Relion SAM600-IO 2.2.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RTU500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "12.0.14",
"status": "affected",
"version": "RTU500 12.0.1",
"versionType": "12.0.14"
},
{
"status": "unaffected",
"version": "RTU500 12.0.15"
},
{
"lessThanOrEqual": "12.2.11",
"status": "affected",
"version": "RTU500 12.2.1",
"versionType": "12.2.11"
},
{
"status": "unaffected",
"version": "RTU500 12.2.12"
},
{
"lessThanOrEqual": "12.4.11",
"status": "affected",
"version": "RTU500 12.4.1",
"versionType": "12.4.11"
},
{
"status": "unaffected",
"version": "RTU500 12.4.12"
},
{
"lessThanOrEqual": "12.6.8",
"status": "affected",
"version": "RTU500 12.6.1",
"versionType": "12.6.8"
},
{
"status": "unaffected",
"version": "RTU500 12.6.9"
},
{
"lessThanOrEqual": "12.7.4",
"status": "affected",
"version": "RTU500 12.7.1",
"versionType": "12.7.4"
},
{
"status": "unaffected",
"version": "RTU500 12.7.5"
},
{
"lessThanOrEqual": "13.2.5",
"status": "affected",
"version": "RTU500 13.2.1",
"versionType": "13.2.5"
},
{
"status": "unaffected",
"version": "RTU500 13.2.6"
},
{
"lessThanOrEqual": "13.3.3",
"status": "affected",
"version": "RTU500 13.3.1",
"versionType": "13.3.3"
},
{
"status": "unaffected",
"version": "RTU500 13.3.4"
},
{
"status": "affected",
"version": "RTU500 13.4.1"
},
{
"status": "unaffected",
"version": "RTU500 13.4.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 4",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "CoreTec 4 version 2.0.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.1.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.2.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.3.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 2.4.*"
},
{
"status": "affected",
"version": "CoreTec 4 version 3.0.*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TXpert Hub CoreTec 5",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "CoreTec 5 version 3.0.*"
}
]
}
],
"datePublic": "2023-02-14T13:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cdiv\u003e\u003cp\u003eA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAlready existing/established client-server connections are not affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eList of affected CPEs:\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "\n\n\nA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u00a0\n\nAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u00a0\n\n\n\n\nAlready existing/established client-server connections are not affected.\n\n\n\n\n\nList of affected CPEs:\n\n\n\n\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-21T14:09:25.358Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpgrade the system once remediated version is available.\n\n\n\u003cbr\u003e"
}
],
"value": "\nUpgrade the system once remediated version is available.\n\n\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nRecommended security practices and firewall configurations can help protect a process control network from \nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and \nare separated from other networks by means of a firewall system that has a minimal number of ports exposed, \nand others that have to be evaluated case by case. Process control systems should not be used for Internet \nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be \ncarefully scanned for viruses before they are connected to a control system.\n\n\u003cbr\u003e"
}
],
"value": "\nRecommended security practices and firewall configurations can help protect a process control network from \nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and \nare separated from other networks by means of a firewall system that has a minimal number of ports exposed, \nand others that have to be evaluated case by case. Process control systems should not be used for Internet \nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be \ncarefully scanned for viruses before they are connected to a control system.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3353",
"datePublished": "2023-02-21T13:50:46.145Z",
"dateReserved": "2022-09-28T12:22:08.645Z",
"dateUpdated": "2025-03-12T15:17:11.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-06-07 21:15
Modified
2024-11-21 06:12
Severity ?
Summary
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.1 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.1 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.2 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.3 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.1 | |
| hitachienergy | txpert_hub_coretec_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6C5B5F-1C94-4CF2-9371-B77A06DF089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC92EBD8-04A6-4010-8058-D7DC57698374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC186E8-E646-40C6-9DE3-296692050208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAC45F3-66FB-4D56-9F46-BA90E0CDD7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7540E055-1C25-4487-BC43-CEE7B2370E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "276F34CB-D644-4E33-B254-FDD598D7372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7496490-5B13-4DC9-8EC1-3E196683D536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A86BF5CA-E5EA-4694-84FF-74287FEE2342",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADE055E-8EE4-4CCE-9326-B70C101F0EF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en la parte de comprobaci\u00f3n de carga de archivos del producto Hitachi Energy TXpert Hub CoreTec 4. La vulnerabilidad permite que un atacante o agente malicioso que consiga acceder al sistema y obtener una cuenta con suficientes privilegios pueda cargar un firmware malicioso en el producto. Este problema afecta a: Hitachi Energy TXpert Hub CoreTec 4 versiones 2.0.0; 2.0.1; 2.1.0; 2.1.2; 2.1.3; 2.2.0; 2.2.1"
}
],
"id": "CVE-2021-35532",
"lastModified": "2024-11-21T06:12:27.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-07T21:15:14.787",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-07 21:15
Modified
2024-11-21 06:12
Severity ?
Summary
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.1 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.1 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.2 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.3 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.1 | |
| hitachienergy | txpert_hub_coretec_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6C5B5F-1C94-4CF2-9371-B77A06DF089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC92EBD8-04A6-4010-8058-D7DC57698374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC186E8-E646-40C6-9DE3-296692050208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAC45F3-66FB-4D56-9F46-BA90E0CDD7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7540E055-1C25-4487-BC43-CEE7B2370E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "276F34CB-D644-4E33-B254-FDD598D7372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7496490-5B13-4DC9-8EC1-3E196683D536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A86BF5CA-E5EA-4694-84FF-74287FEE2342",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADE055E-8EE4-4CCE-9326-B70C101F0EF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en un campo de configuraci\u00f3n particular del producto Hitachi Energy TXpert Hub CoreTec 4, permite a un atacante con acceso a un usuario autorizado con derechos de rol ADMIN o ENGINEER inyectar un comando del sistema operativo que es ejecutado por el sistema. Este problema afecta a: Hitachi Energy TXpert Hub CoreTec 4 versiones 2.0.0; 2.0.1; 2.1.0; 2.1.2; 2.1.3; 2.2.0; 2.2.1"
}
],
"id": "CVE-2021-35531",
"lastModified": "2024-11-21T06:12:27.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-07T21:15:14.720",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-21 14:15
Modified
2024-11-21 07:19
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.
An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.
Already existing/established client-server connections are not affected.
List of affected CPEs:
* cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | sys600_firmware | * | |
| hitachienergy | sys600 | - | |
| hitachienergy | rtu500_firmware | * | |
| hitachienergy | rtu500_firmware | * | |
| hitachienergy | rtu500_firmware | * | |
| hitachienergy | rtu500_firmware | * | |
| hitachienergy | rtu500_firmware | * | |
| hitachienergy | rtu500_firmware | * | |
| hitachienergy | rtu500_firmware | * | |
| hitachienergy | rtu500_firmware | 13.4.1 | |
| hitachienergy | rtu500 | - | |
| hitachienergy | reb500_firmware | * | |
| hitachienergy | reb500 | - | |
| hitachienergy | pwc600_firmware | 1.0 | |
| hitachienergy | pwc600_firmware | 1.1 | |
| hitachienergy | pwc600_firmware | 1.2 | |
| hitachienergy | pwc600 | - | |
| hitachienergy | modular_switchgear_monitoring_firmware | * | |
| hitachienergy | modular_switchgear_monitoring | - | |
| hitachienergy | itt600_sa_explorer | 1.1.0 | |
| hitachienergy | itt600_sa_explorer | 1.1.1 | |
| hitachienergy | itt600_sa_explorer | 1.1.2 | |
| hitachienergy | itt600_sa_explorer | 1.5.0 | |
| hitachienergy | itt600_sa_explorer | 1.5.1 | |
| hitachienergy | itt600_sa_explorer | 1.6.0 | |
| hitachienergy | itt600_sa_explorer | 1.6.0.1 | |
| hitachienergy | itt600_sa_explorer | 1.7.0 | |
| hitachienergy | itt600_sa_explorer | 1.7.2 | |
| hitachienergy | itt600_sa_explorer | 1.8.0 | |
| hitachienergy | itt600_sa_explorer | 2.0.1 | |
| hitachienergy | itt600_sa_explorer | 2.0.2 | |
| hitachienergy | itt600_sa_explorer | 2.0.3 | |
| hitachienergy | itt600_sa_explorer | 2.0.4.1 | |
| hitachienergy | itt600_sa_explorer | 2.0.5.0 | |
| hitachienergy | itt600_sa_explorer | 2.0.5.4 | |
| hitachienergy | itt600_sa_explorer | 2.1.0.4 | |
| hitachienergy | itt600_sa_explorer | 2.1.0.5 | |
| hitachienergy | relion_sam600-io_firmware | 2.2.1 | |
| hitachienergy | relion_sam600-io_firmware | 2.2.5 | |
| hitachienergy | relion_sam600-io | - | |
| hitachienergy | relion_650_firmware | 1.1 | |
| hitachienergy | relion_650_firmware | 1.3 | |
| hitachienergy | relion_650_firmware | 2.1 | |
| hitachienergy | relion_650_firmware | 2.2.0 | |
| hitachienergy | relion_650_firmware | 2.2.1 | |
| hitachienergy | relion_650_firmware | 2.2.2 | |
| hitachienergy | relion_650_firmware | 2.2.3 | |
| hitachienergy | relion_650_firmware | 2.2.4 | |
| hitachienergy | relion_650_firmware | 2.2.5 | |
| hitachienergy | relion_650 | - | |
| hitachienergy | relion_670_firmware | 1.2 | |
| hitachienergy | relion_670_firmware | 2.0 | |
| hitachienergy | relion_670_firmware | 2.1 | |
| hitachienergy | relion_670_firmware | 2.2.0 | |
| hitachienergy | relion_670_firmware | 2.2.1 | |
| hitachienergy | relion_670_firmware | 2.2.2 | |
| hitachienergy | relion_670_firmware | 2.2.3 | |
| hitachienergy | relion_670_firmware | 2.2.4 | |
| hitachienergy | relion_670_firmware | 2.2.5 | |
| hitachienergy | relion_670 | - | |
| hitachienergy | gms600_firmware | 1.3.0 | |
| hitachienergy | gms600 | - | |
| hitachienergy | fox615_tego1_firmware | r1b02 | |
| hitachienergy | fox615_tego1_firmware | r1c07 | |
| hitachienergy | fox615_tego1_firmware | r1d02 | |
| hitachienergy | fox615_tego1_firmware | r1e01 | |
| hitachienergy | fox615_tego1_firmware | r2b16 | |
| hitachienergy | fox615_tego1_firmware | r2b16_03 | |
| hitachienergy | fox615_tego1_firmware | r15b08 | |
| hitachienergy | fox615_tego1 | - | |
| hitachienergy | txpert_hub_coretec_4_firmware | * | |
| hitachienergy | txpert_hub_coretec_4 | - | |
| hitachienergy | txpert_hub_coretec_5_firmware | 3.0.0 | |
| hitachienergy | txpert_hub_coretec_5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:sys600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC57CAB3-20C9-44D6-8677-17DBAC8FF49F",
"versionEndIncluding": "10.3.1",
"versionStartIncluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42B6499F-D82D-4B02-BBEC-60B36FB0C678",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "469A34A6-EBE4-431C-A986-888BAF525E3C",
"versionEndIncluding": "12.0.14.0",
"versionStartIncluding": "12.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "497CA762-15EB-486D-BCC7-742A44F0DF9D",
"versionEndIncluding": "12.2.11.0",
"versionStartIncluding": "12.2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC749956-FA2D-4B16-8401-C015712A934C",
"versionEndIncluding": "12.4.11.0",
"versionStartIncluding": "12.4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D25273A-BBD5-4619-93C4-92A12F301088",
"versionEndIncluding": "12.6.8.0",
"versionStartIncluding": "12.6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F726C7-E635-4525-984D-6EADBAA09933",
"versionEndIncluding": "12.7.4.0",
"versionStartIncluding": "12.7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0F3E7E-B079-4488-BED6-E07BDE63C421",
"versionEndIncluding": "13.2.5.0",
"versionStartIncluding": "13.2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04CB998-0D74-4CD1-9F99-773103CB9979",
"versionEndIncluding": "13.3.3",
"versionStartIncluding": "13.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:13.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0763F03-C6C8-4104-9028-3CF265F289D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE94252D-03EE-451B-8322-B4DBC790C6E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "432FCDCF-03F2-4A0C-9ACA-73A012F43237",
"versionEndExcluding": "8.3.3",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:reb500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0325854D-52C2-4126-8805-638243FD708E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91984E74-C518-472A-ADCF-3BF61781111B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF326E7-792D-434C-9211-F6CEB8B8F1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:pwc600_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7F2E89-2095-48F0-A8EA-0C13E10A9362",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:pwc600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CBFF7D-3B2E-4FA5-9E0C-15B78AFC8165",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:modular_switchgear_monitoring_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A31EE60F-F80D-40AF-A7C8-8EA462E48918",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:modular_switchgear_monitoring:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBD92D1-045F-44D8-99B1-12C28B0271F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23F810B7-E97C-4530-A0C5-789D55F4CAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "427E4F50-4077-4515-B2EA-BF57D5A7489C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E44F3FA-1450-4467-A509-6DA42057B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A67CF9CA-CDF6-4E87-A801-18B34D051A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E327F624-ABE5-408D-AC34-EEE71024B689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27E57915-8250-4544-9F5B-FD520BA72F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F13838-1555-4206-A4D1-9AFECBBAFD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C74028E3-6FD9-4EAE-BA31-CE1208096ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F86C507F-0E18-437C-A1A5-258825E78FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE52382-38FA-488F-851D-598AED0C8B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93C5044A-4AB4-40EF-976F-CDD16FA90F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2696FC-1C4C-4586-854C-7235ADD8376D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92B6B5B8-4E81-4450-94E6-CDFA26362A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "929384A7-474C-448D-9834-23562CDF2B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB26367-5B5D-4ED3-A103-204DBCF5CBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE69E47-37D7-4F0E-A759-BD54565DF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB8C856-A056-4D7F-8C5D-30A409BCD22C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "91685621-1937-4494-89AF-7AC1973A2ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5C50F4-CF04-4C13-868A-F7ECE49DE01B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "698AED51-5521-4D9C-B2FA-F3D8526D9FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E73E9D1A-1DFE-4B7C-81F1-0809071A3DDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC40F16C-2EE1-4AEE-BF48-793EFBECDACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82F2E748-7331-4B34-8474-A43A1220D208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C01C39-A91C-437F-BAF9-7E578D703685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA73DFC1-3953-48DB-BF8C-545BE5B7BFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A406AD0-38C5-4C32-AA88-AA45EE97C315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4E0311-0967-4AC9-B426-CAA0AF06855E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB22A258-06C5-48E5-BEF0-9324BD7D301A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48B56792-02FF-4E3E-B306-DC58FED37128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "22E5CD7F-CD9D-4E89-BF2F-944300121D11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C658029-20F4-411A-B1FE-B4E07D590775",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63925E29-DB8F-4568-AD16-41C84A9C8EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA499D5E-A693-454D-B28D-E5D2247D1196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F147EE7-0312-4BA6-ABAB-31CCFCA5AA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B91C1D5F-FE14-4121-A7C8-16F08D652610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A59F3E51-D3D5-4846-B8AA-6BAD4BCCCCE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E368A106-A236-4A42-8608-43F47EB4A2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29D2A64B-F136-49B8-9AF8-F8057F9227E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2F0B80-070C-4610-862B-346994BFEC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06064F73-366D-48C6-AACE-DCFC2F1B8E0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA98332-543F-48A7-B63C-B39F679D47F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:gms600_firmware:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C54D374C-379B-4912-9330-30488C19F66C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:gms600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB13E178-8C41-4FDB-89AE-23D0A9930B94",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1b02:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B54A23-399B-4080-A15F-4C0CBA743E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1c07:*:*:*:*:*:*:*",
"matchCriteriaId": "8C94ED80-743F-455D-90A4-35FFE7710A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1d02:*:*:*:*:*:*:*",
"matchCriteriaId": "528BF8FA-44BD-40F0-8A60-D0AE659EBBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r1e01:*:*:*:*:*:*:*",
"matchCriteriaId": "A16F36DD-FF97-42CE-BB19-B7AE4B15356D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r2b16:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7121E7-7B4E-4CA1-8021-66B324CA2D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r2b16_03:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAF5025-6B2A-44C3-99AF-FD10ADFF19B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:fox615_tego1_firmware:r15b08:*:*:*:*:*:*:*",
"matchCriteriaId": "76644F1E-8664-4F70-9553-D773D1362E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:fox615_tego1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE327A1-E89A-4A6F-87C7-D2EFF0433380",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "419DB11F-2E9E-4E72-B6D4-FE34A4F0B9C6",
"versionEndIncluding": "3.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADE055E-8EE4-4CCE-9326-B70C101F0EF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_5_firmware:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811B1987-4966-477D-8900-55E522AAC4E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:txpert_hub_coretec_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0266D80-DE86-4BF0-BF39-91EF99C4802C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.\u00a0\n\nAn attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.\u00a0\n\n\n\n\nAlready existing/established client-server connections are not affected.\n\n\n\n\n\nList of affected CPEs:\n\n\n\n\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*\n * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*\n\n\n\n\n\n\n"
}
],
"id": "CVE-2022-3353",
"lastModified": "2024-11-21T07:19:21.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-21T14:15:13.463",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-07 21:15
Modified
2024-11-21 06:12
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cybersecurity@hitachienergy.com | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.0.1 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.1 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.2 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.1.3 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.0 | |
| hitachienergy | txpert_hub_coretec_4_firmware | 2.2.1 | |
| hitachienergy | txpert_hub_coretec_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6C5B5F-1C94-4CF2-9371-B77A06DF089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC92EBD8-04A6-4010-8058-D7DC57698374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC186E8-E646-40C6-9DE3-296692050208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAC45F3-66FB-4D56-9F46-BA90E0CDD7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7540E055-1C25-4487-BC43-CEE7B2370E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "276F34CB-D644-4E33-B254-FDD598D7372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7496490-5B13-4DC9-8EC1-3E196683D536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hitachienergy:txpert_hub_coretec_4_firmware:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A86BF5CA-E5EA-4694-84FF-74287FEE2342",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hitachienergy:txpert_hub_coretec_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADE055E-8EE4-4CCE-9326-B70C101F0EF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the application authentication and authorization mechanism in Hitachi Energy\u0027s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el mecanismo de autenticaci\u00f3n y autorizaci\u00f3n de la aplicaci\u00f3n TXpert Hub CoreTec 4 de Hitachi Energy, que depende de la comprobaci\u00f3n del identificador de sesi\u00f3n, permite que sea ejecutado un mensaje modificado no autorizado en el servidor, lo que permite a un actor no autorizado cambiar una contrase\u00f1a de usuario existente y, adem\u00e1s, conseguir acceso autorizado al sistema por medio del mecanismo de inicio de sesi\u00f3n. Este problema afecta a: Hitachi Energy TXpert Hub CoreTec 4 versiones 2.0.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1"
}
],
"id": "CVE-2021-35530",
"lastModified": "2024-11-21T06:12:27.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-07T21:15:14.640",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026utm_campaign=\u0026utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03\u0026utm_medium=email\u0026utm_source=Eloqua"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}