A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.
An attacker could exploit the vulnerability by first gaining access to
the system with security privileges and attempt to update the IED
with a malicious update package. Successful exploitation of this
vulnerability will cause the IED to restart, causing a temporary Denial of Service.
References
Link | Resource |
---|---|
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
10 Jan 2024, 16:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.5 |
CWE | CWE-347 | |
References | () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory | |
First Time |
Hitachienergy relion 670
Hitachienergy relion Sam600-io Hitachienergy relion 650 Firmware Hitachienergy relion 670 Firmware Hitachienergy Hitachienergy relion Sam600-io Firmware Hitachienergy relion 650 |
|
CPE | cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.5:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.3:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.2:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.0:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.1:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.4:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.5:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.4:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.0:*:*:*:*:*:*:* |
04 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-04 10:15
Updated : 2024-02-28 20:54
NVD link : CVE-2022-3864
Mitre link : CVE-2022-3864
CVE.ORG link : CVE-2022-3864
JSON object : View
Products Affected
hitachienergy
- relion_670
- relion_650
- relion_670_firmware
- relion_650_firmware
- relion_sam600-io_firmware
- relion_sam600-io
CWE
CWE-347
Improper Verification of Cryptographic Signature