CVE-2022-3686 SDM600 API permission check

🗓️ 28 Mar 2023 12:57:11Reported by Hitachi EnergyType

CVE-2022-3686 SDM600 endpoint vulnerabilit

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the software interface of the Hitachi Energy System Data Manager SDM600, which allows a perpetrator to compromise the confidentiality and integrity of information.	7 Apr 202300:00	–	bdu_fstec
Circl	CVE-2022-3686	28 Mar 202316:44	–	circl
CNNVD	SDM600 安全漏洞	28 Mar 202300:00	–	cnnvd
CVE	CVE-2022-3686	28 Mar 202312:57	–	cve
EUVD	EUVD-2022-43045	3 Oct 202520:07	–	euvd
ICS	Hitachi Energy MicroSCADA System Data Manager SDM600	10 Apr 202315:37	–	ics
NVD	CVE-2022-3686	28 Mar 202313:15	–	nvd
OSV	CVE-2022-3686	28 Mar 202313:15	–	osv
Prion	Hardcoded credentials	28 Mar 202313:15	–	prion
Positive Technologies	PT-2023-2146 · Hitachi Energy · Sdm600	28 Mar 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "SDM600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "unaffected",
        "version": "SDM600 1.3"
      },
      {
        "lessThanOrEqual": "SDM600 1.2.*",
        "status": "affected",
        "version": "SDM600 1.2",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "SDM600 1.1.*",
        "status": "affected",
        "version": "SDM600 1.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "SDM600 1.0.*",
        "status": "affected",
        "version": "SDM600 1.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

28 Mar 2023 12:57Current

9.2High risk

Vulners AI Score9.2

CVSS 3.14.8

EPSS0.01442

CWE-285