Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3864

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Published

2024-01-04T10:15:11.267

Last Modified

2024-11-21T07:20:23.540

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-347
Type: Primary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hitachienergy	relion_650_firmware	2.2.0	Yes
Operating System	hitachienergy	relion_650_firmware	2.2.1	Yes
Operating System	hitachienergy	relion_650_firmware	2.2.4	Yes
Operating System	hitachienergy	relion_650_firmware	2.2.5	Yes
Hardware	hitachienergy	relion_650	-	No
Operating System	hitachienergy	relion_670_firmware	2.2.0	Yes
Operating System	hitachienergy	relion_670_firmware	2.2.1	Yes
Operating System	hitachienergy	relion_670_firmware	2.2.2	Yes
Operating System	hitachienergy	relion_670_firmware	2.2.3	Yes
Operating System	hitachienergy	relion_670_firmware	2.2.4	Yes
Operating System	hitachienergy	relion_670_firmware	2.2.5	Yes
Hardware	hitachienergy	relion_670	-	No
Operating System	hitachienergy	relion_sam600-io_firmware	2.2.1	Yes
Hardware	hitachienergy	relion_sam600-io	-	No

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory ([email protected])
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)