
CVE-2022-2277

A vulnerability exists in the ICCP stack of the affected SYS600 versions due to a validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is requested to forward any da ...

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Improper Input Validation vulnerability in the ICCP stack of Hitachi Energy MicroSCADA X SYS600, present during ICCP communication establishment, causes a denial-of-service when ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1:

  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-07-01 CVE Reserved
  • 2022-09-14 CVE Published
  • 2024-03-29 EPSS Updated
  • 2024-09-25 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-1284: Improper Validation of Specified Quantity in Input
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Hitachienergy | Microscada X Sys600 | >= 10.2 <= 10.3.1 | - | Affected
in Hitachienergy | Sys600 | -- | | Safe