// For flags

CVE-2022-29922

A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Una vulnerabilidad de comprobación de entrada inapropiada en el manejo de un paquete IEC 61850 especialmente diseñado con un elemento de datos válido pero con un tipo de datos incorrecto en el Servidor OPC IEC 61850 en Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. La vulnerabilidad puede causar una denegación de servicio en la parte del servidor OPC IEC 61850 del producto SYS600. Este problema afecta a: Hitachi Energy MicroSCADA Pro SYS600 versión 9.4 FP2 Hotfix 4 y versiones anteriores Hitachi Energy MicroSCADA X SYS600 versión 10 hasta 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_pro_sys600:9. 2:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_pro_sys600:9. 4:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10. 1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*:*

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-04-29 CVE Reserved
  • 2022-09-14 CVE Published
  • 2024-03-29 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hitachienergy
Search vendor "Hitachienergy"
 Microscada X Sys600
Search vendor "Hitachienergy" for product "Microscada X Sys600"
 >= 9.0 < 10.4
Search vendor "Hitachienergy" for product "Microscada X Sys600" and version " >= 9.0 < 10.4"
-
Affected
in Hitachienergy
Search vendor "Hitachienergy"
 Sys600
Search vendor "Hitachienergy" for product "Sys600"
--
Safe