CVE-2022-1778

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*

History

27 Jun 2023, 15:47

Type	Values Removed	Values Added
CWE	~~CWE-120~~	CWE-119

Information

Published : 2022-09-14 18:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-1778

Mitre link : CVE-2022-1778

CVE.ORG link : CVE-2022-1778

JSON object : View

Products Affected

hitachienergy

sys600
microscada_x_sys600

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-20

Improper Input Validation

{"id": "CVE-2022-1778", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-14T18:15:09.953", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Hitachi Energy MicroSCADA X SYS600 mientras es le\u00eddo un archivo de configuraci\u00f3n espec\u00edfico causa un desbordamiento del b\u00fafer que causa un fallo en el inicio del SYS600. S\u00f3lo puede accederse al archivo de configuraci\u00f3n mediante un acceso de administrador. Este problema afecta a: Hitachi Energy MicroSCADA X SYS600 versi\u00f3n 10 hasta 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*:*"}], "lastModified": "2023-06-27T15:47:06.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0566FCE7-F150-4DEC-A35C-A8A3EBEE8D3D", "versionEndIncluding": "10.3.1", "versionStartIncluding": "10.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "42B6499F-D82D-4B02-BBEC-60B36FB0C678"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}