Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2277

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Published

2022-09-14T18:15:10.230

Last Modified

2024-11-21T07:00:40.417

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-1284
Type: Primary
CWE-1284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachienergy	microscada_x_sys600	≤ 10.3.1	Yes
Hardware	hitachienergy	sys600	-	No

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch ([email protected])
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch (af854a3a-2127-422b-91ae-364da2661108)