The vulnerability of the configuration file implementation of the Hitachi Energy MicroSCADA X SYS600 software for equipment monitoring and control systems allows a perpetrator to execute arbitrary code with root privileges.

🗓️ 13 Oct 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Remote attacker can run arbitrary code as root due to config file input validation flaw in SYS600.

Reporter	Title	Published	Views	Family All 11
CNNVD	Hitachi Energy MicroSCADA X SYS600 缓冲区错误漏洞	14 Sep 202200:00	–	cnnvd
CVE	CVE-2022-1778	14 Sep 202217:05	–	cve
Cvelist	CVE-2022-1778 A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...	14 Sep 202217:05	–	cvelist
EUVD	EUVD-2022-25059	3 Oct 202520:07	–	euvd
ICS	Hitachi Energy MicroSCADA Pro X SYS600	29 Sep 202200:00	–	ics
ICS	Hitachi Energy Gateway Station	6 Mar 202319:52	–	ics
NVD	CVE-2022-1778	14 Sep 202218:15	–	nvd
OSV	CVE-2022-1778	14 Sep 202218:15	–	osv
Prion	Buffer overflow	14 Sep 202218:15	–	prion
Positive Technologies	PT-2022-5038 · Hitachi Energy · Microscada X Sys600	18 May 202200:00	–	ptsecurity

Vulners

Node

hitachi,hitachi_energy_microscada_x_sys600Range10.0–10.3.1

Source	Link
vuldb	www.vuldb.com/
search	www.search.abb.com/library/Download.aspx
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-1778
web	www.web.nvd.nist.gov/view/vuln/detail

13 Oct 2022 00:00Current

6Medium risk

Vulners AI Score6

CVSS 37.5

CVSS 27.8

EPSS0.00201

config file input validation remote access arbitrary code root privileges equipment monitoring