CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29922 – A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...
https://notcve.org/view.php?id=CVE-2022-29922
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* Una vulnerabilidad de comprobación de entrada inapropiada en el manejo de un paquete IEC 61850 especialmente diseñado con un elemento de datos válido pero con un tipo de datos incorrecto en el Servidor OPC IEC 61850 en Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. La vulnerabilidad puede causar una denegación de servicio en la parte del servidor OPC IEC 61850 del producto SYS600. Este problema afecta a: Hitachi Energy MicroSCADA Pro SYS600 versión 9.4 FP2 Hotfix 4 y versiones anteriores Hitachi Energy MicroSCADA X SYS600 versión 10 hasta 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_pro_sys600:9. 2:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_pro_sys600:9. 4:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10. 1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*:* • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2277 – A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...
https://notcve.org/view.php?id=CVE-2022-2277
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* Se presenta una vulnerabilidad de comprobación de entrada inapropiada en la pila ICCP de Hitachi Energy MicroSCADA X SYS600 durante el establecimiento de la comunicación ICCP que causa una denegación de servicio cuando es solicitado a ICCP de SYS600 que reenvíe cualquier actualización de elementos de datos con marcas de tiempo demasiado distantes en el futuro a cualquier sistema ICCP remoto. Por defecto, ICCP no está configurado ni habilitado. Este problema afecta: Hitachi Energy MicroSCADA X SYS600 versión 10.2 a versión 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10. 2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch https://publisher.hitachienergy.com/preview?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29490 – A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.
https://notcve.org/view.php?id=CVE-2022-29490
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* Se presenta una vulnerabilidad de Autorización Inapropiada en la WebUI de Workplace X de Hitachi Energy MicroSCADA X SYS600 que permite a un usuario autenticado ejecutar cualquier script interno de MicroSCADA independientemente del rol del usuario autenticado. Este problema afecta: Hitachi Energy MicroSCADA X SYS600 versiones 10 hasta 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-285: Improper Authorization •