CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4816
https://notcve.org/view.php?id=CVE-2023-4816
11 Sep 2023 — A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action. Existe una vulnerabil... • https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4608
https://notcve.org/view.php?id=CVE-2022-4608
26 Jul 2023 — A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2502
https://notcve.org/view.php?id=CVE-2022-2502
26 Jul 2023 — A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerabi... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2023-1711
https://notcve.org/view.php?id=CVE-2023-1711
30 May 2023 — A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hi... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3685 – SDM600 software privilege level
https://notcve.org/view.php?id=CVE-2022-3685
28 Mar 2023 — A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to version 1.3.0. List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* *... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-285: Improper Authorization •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3686 – SDM600 API permission check
https://notcve.org/view.php?id=CVE-2022-3686
28 Mar 2023 — A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3684 – SDM600 endpoint vulnerability
https://notcve.org/view.php?id=CVE-2022-3684
28 Mar 2023 — A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3683 – SDM600 API web services authorization validation
https://notcve.org/view.php?id=CVE-2022-3683
28 Mar 2023 — A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachien... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-285: Improper Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3682 – SDM600 file permission validation
https://notcve.org/view.php?id=CVE-2022-3682
28 Mar 2023 — A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 74EXPL: 0CVE-2022-3353 – IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products
https://notcve.org/view.php?id=CVE-2022-3353
21 Feb 2023 — A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-404: Improper Resource Shutdown or Release •