9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.025 Low
EPSS
Percentile
89.9%
Successful exploitation of these vulnerabilities by an attacker could have a high impact on availability, integrity, and confidentiality of the targeted devices.
The following Hitachi Energy products and versions are affected:
3.2.1 INCORRECT CALCULATION CWE-682
In Expat (aka libexpat) before 2.4.3, a left shift by 29(or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2021-45960 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.2 INTEGER OVERFLOW OR WRAPAROUND CWE-190
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-46143 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
3.2.3 INTEGER OVERFLOW OR WRAPAROUND CWE-190
Vulnerable code using addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22822 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.4 INTEGER OVERFLOW OR WRAPAROUND CWE-190
Vulnerable code using build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.5 INTEGER OVERFLOW OR WRAPAROUND CWE-190
Vulnerable code using defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.6 INTEGER OVERFLOW OR WRAPAROUND CWE-190
The lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
3.2.7 INTEGER OVERFLOW OR WRAPAROUND CWE-190
Vulnerable code using nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow
CVE-2022-22826 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ).
3.2.8 INTEGER OVERFLOW OR WRAPAROUND CWE-190
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
CVE-2022-22827 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
3.2.9 INTEGER OVERFLOW OR WRAPAROUND CWE-190
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-25314 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.2.10 INTEGER OVERFLOW OR WRAPAROUND CWE-190
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames
CVE-2022-25315 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.11 IMPROPER ENCODING OR ESCAPING OF OUTPUT CWE-116
Vulnerable code in xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25235 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.12 EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668
Vulnerable code in xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-25236 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.13 INTEGER OVERFLOW OR WRAPAROUND CWE-190
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES
CVE-2022-23852 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.14 INTEGER OVERFLOW OR WRAPAROUND CWE-190
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-23990 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Hitachi Energy reported these vulnerabilities to CISA.
Hitachi energy recommends the following actions:
Hitachi Energy’s general mitigation factors:
Security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
For more information, please visit Hitachi Energy’s Advisory.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45960
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46143
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22822
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22823
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22824
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22825
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22826
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22827
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23852
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23990
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25235
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25236
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25314
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25315
cwe.mitre.org/data/definitions/116.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/668.html
cwe.mitre.org/data/definitions/682.html
github.com/cisagov/CSAF
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
publisher.hitachienergy.com/preview?DocumentId=8DBD000165&DocumentRevisionId=B&languageCode=en&Preview=true
twitter.com/CISAgov
twitter.com/intent/tweet?text=Hitachi%20Energy%20AFS65x%2C%20AFF66x%2C%20AFS67x%2C%20and%20AFR67x%20Series%20Products+https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01
us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.cisa.gov/resources-tools/resources/ics-recommended-practices
www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
www.cisa.gov/topics/industrial-control-systems
www.cisa.gov/topics/industrial-control-systems
www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
www.cisa.gov/uscert/ncas/tips/ST04-014
www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01&title=Hitachi%20Energy%20AFS65x%2C%20AFF66x%2C%20AFS67x%2C%20and%20AFR67x%20Series%20Products
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Hitachi%20Energy%20AFS65x%2C%20AFF66x%2C%20AFS67x%2C%20and%20AFR67x%20Series%20Products&body=www.cisa.gov/news-events/ics-advisories/icsa-23-278-01
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.025 Low
EPSS
Percentile
89.9%