CVE-2022-2277

2022-09-1418:15:10

CWE-1284

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-2277

improper input validation

hitachi energy

microscada x sys600

iccp

denial-of-service

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

38.6%

JSON

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600’s ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*

Affected configurations

NVD

Node

hitachienergymicroscada_x_sys600Range10.2–10.3.1

AND

hitachienergysys600Match-

CPENameOperatorVersion
hitachienergy:microscada_x_sys600hitachienergy microscada x sys600le10.3.1

CPE	Name	Operator	Version
hitachienergy:microscada_x_sys600	hitachienergy microscada x sys600	le	10.3.1

CNA Affected

[
  {
    "product": "MicroSCADA X SYS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "10.2"
      },
      {
        "status": "affected",
        "version": "10.2.1"
      },
      {
        "status": "affected",
        "version": "10.3"
      },
      {
        "status": "affected",
        "version": "10.3.1"
      }
    ]
  }
]