CVSS: 7.8EPSS: 0%CPEs: 74EXPL: 0CVE-2022-3353 – IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products
https://notcve.org/view.php?id=CVE-2022-3353
21 Feb 2023 — A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.0EPSS: 0%CPEs: 34EXPL: 0CVE-2021-35534 – Insufficient Security Control Vulnerability
https://notcve.org/view.php?id=CVE-2021-35534
18 Nov 2021 — Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanen... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000058&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 7.5EPSS: 1%CPEs: 38EXPL: 0CVE-2021-27196 – Specially Crafted IEC 61850 Protocol Sequence Vulnerability
https://notcve.org/view.php?id=CVE-2021-27196
14 Jun 2021 — Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerabilit... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-18253
https://notcve.org/view.php?id=CVE-2019-18253
27 Nov 2019 — An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. Un atacante podría utilizar rutas especialmente diseñadas en una petición específica para leer o eliminar archivos desde Relion 670 Series (versiones 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1 y anteriores) fuera del directorio previsto. • https://www.us-cert.gov/ics/advisories/icsa-19-330-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18247
https://notcve.org/view.php?id=CVE-2019-18247
27 Nov 2019 — An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. Un atacante puede utilizar un mensaje especialmente diseñado para forzar a Relion 650 series (versiones 1.3.0.5 y anteriores) o Relion 670 series (versiones 1.2.3.18, 2.0.0.11, 2.1.0.1 y anteriores) a reiniciarse, lo que podría causar una denegación de servicio. • https://www.us-cert.gov/ics/advisories/icsa-19-330-02 • CWE-20: Improper Input Validation •