Hitachienergy Security Vulnerabilities

CVE-2022-29492

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denia...

CVE-2022-29922

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IE...

CVE-2022-3353

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. ...

CVE-2022-3388

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADAPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

CVE-2022-3682

A vulnerability exists in the SDM600 file permission validation.An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to ...

CVE-2022-3683

A vulnerability exists in the SDM600 API web services authorization validation implementation.An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue affects: ...

CVE-2022-3684

A vulnerability exists in a SDM600 endpoint.An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) L...

CVE-2022-3685

A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to version 1.3.0. List of CPEs: c...

CVE-2022-3686

A vulnerability exists in a SDM600 endpoint.An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) L...

CVE-2022-3864

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.An attacker could exploit the vulnerability by first gaining access tothe system with security privileges and atte...

CVE-2022-3927

The affected products store both public and private key that are used to sign andprotect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to changethe CPS file, sign it so that it is trusted as the legitimate CPS file. This issue...

CVE-2022-3928

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, ...

CVE-2022-3929

Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, F...

CVE-2022-4608

A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of se...

CVE-2023-1514

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate th...

CVE-2023-1711

A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements.If exploited an attacker could obtain confidential information. List of CPEs: cpe:2.3:a:hitachienergy:foxman_un:R9C:: :: :: :* cpe:2.3:a:hitachienergy:fox...

CVE-2023-2621

The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computersystem. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An auth...

CVE-2023-2622

Authenticated clients can read arbitrary files on the MAIN Computersystem using the remote procedure call (RPC) of the InspectSetupservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

CVE-2023-4518

A vulnerability exists in the input validation of the GOOSEmessages where out of range values received and processedby the IED caused a reboot of the device. In order for anattacker to exploit the vulnerability, goose receiving blocks needto be configured.

CVE-2023-4816

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and e...

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can beabused for enumerating the local file system structure.

CVE-2023-5515

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks againstweb servers and deployed web applications.

CVE-2023-5516

Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosinginformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details ...

CVE-2023-5767

A vulnerability exists in the webserver that affects theRTU500 series product versions listed below. A maliciousactor could perform cross-site scripting on the webserverdue to an RDT language file being improperly sanitized.

CVE-2023-5768

A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below.Incomplete or wrong received APDU frame layout maycause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layerwith wrong length information...

CVE-2023-5769

A vulnerability exists in the webserver that affects theRTU500 series product versions listed below. A maliciousactor could perform cross-site scripting on the webserverdue to user input being improperly sanitized.

CVE-2023-6711

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU50...