Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for MicroSCADA Pro SYS600 by Hitachi Energy

    CVE-2024-4872 (GCVE-0-2024-4872)

    Vulnerability from nvd – Published: 2024-08-27 12:37 – Updated: 2025-08-27 21:30
    VLAI
    Summary
    A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10.0 , ≤ 10.5 (custom)
    Unaffected: 10.3 vulnerability patch 2025_01 (custom)
    Unaffected: 10.4 vulnerability patch 2025_01 (custom)
    Unaffected: 10.5 vulnerability patch 2025_01 (custom)
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: 9.4 FP2 HF1 , ≤ 9.4 FP2 HF5 (custom)
    Create a notification for this product.
    hitachienergy microscada_sys600 Affected: 10.0 , ≤ 10.5 (custom)
        cpe:2.3:a:hitachienergy:microscada_sys600:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:microscada_sys600:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "microscada_sys600",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5",
                    "status": "affected",
                    "version": "10.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4872",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T13:40:43.456014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:30:14.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "10.5",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "10.3 vulnerability patch 2025_01",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "10.4 vulnerability patch 2025_01",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "10.5 vulnerability patch 2025_01",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.4 FP2 HF5",
                  "status": "affected",
                  "version": "9.4 FP2 HF1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability\nan attacker must have a valid credential.\n\n\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability\nan attacker must have a valid credential."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA X SYS600"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA Pro SYS600"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-943",
                  "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T14:01:46.020Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-4872",
        "datePublished": "2024-08-27T12:37:28.958Z",
        "dateReserved": "2024-05-14T14:41:23.177Z",
        "dateUpdated": "2025-08-27T21:30:14.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3980 (GCVE-0-2024-3980)

    Vulnerability from nvd – Published: 2024-08-27 12:42 – Updated: 2025-08-27 21:24
    VLAI
    Summary
    The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10.0 , ≤ 10.5 (custom)
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: 9.4 FP2 HF1 , ≤ 9.4 FP2 HF5 (custom)
    Affected: 9.4 FP1 (custom)
    Create a notification for this product.
    hitachienergy microscada_sys600 Affected: 10.0 , ≤ 10.5 (custom)
        cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "microscada_sys600",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5",
                    "status": "affected",
                    "version": "10.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:10:05.924302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:24:22.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "10.5",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.4 FP2 HF5",
                  "status": "affected",
                  "version": "9.4 FP2 HF1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "9.4 FP1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."
                }
              ],
              "value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-38",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA X SYS600"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA Pro SYS600"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T13:35:30.374Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-3980",
        "datePublished": "2024-08-27T12:42:41.124Z",
        "dateReserved": "2024-04-19T12:45:24.793Z",
        "dateUpdated": "2025-08-27T21:24:22.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3388 (GCVE-0-2022-3388)

    Vulnerability from nvd – Published: 2022-11-21 00:00 – Updated: 2025-07-23 20:45
    VLAI
    Title
    Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products
    Summary
    An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role."
                }
              ],
              "value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-23",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-23 File Content Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T04:28:13.552Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2\u0026nbsp;Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1.\u003cbr\u003e\n\nA requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least\nthe SYS600 9.4 FP2 Hotfix 4 installed.\u003cbr\u003e\u003cbr\u003e \n\nCPE:\u0026nbsp;\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*\n\n\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2\u00a0Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1.\n\n\nA requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least\nthe SYS600 9.4 FP2 Hotfix 4 installed.\n\n \n\nCPE:\u00a0\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For SYS600 10.x update to at least SYS600 version 10.4.1\nOr apply general mitigation factors.\u003cbr\u003e\u003cbr\u003e\n\n\nCPE:\u0026nbsp;\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "For SYS600 10.x update to at least SYS600 version 10.4.1\nOr apply general mitigation factors.\n\n\n\n\nCPE:\u00a0\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*"
            }
          ],
          "source": {
            "advisory": "8DBD000123",
            "discovery": "INTERNAL"
          },
          "title": "Input Validation Vulnerability in Hitachi Energy\u2019s MicroSCADA Pro/X SYS600 Products",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Recommended security practices and firewall configurations can help protect a process control network from\nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and\nare separated from other networks by means of a firewall system that has a minimal number of ports exposed,\nand others that have to be evaluated case by case. Process control systems should not be used for Internet\nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be\u0026nbsp;carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.\nWe recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X\nCyber Security Deployment Guideline.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Recommended security practices and firewall configurations can help protect a process control network from\nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and\nare separated from other networks by means of a firewall system that has a minimal number of ports exposed,\nand others that have to be evaluated case by case. Process control systems should not be used for Internet\nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be\u00a0carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.\nWe recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X\nCyber Security Deployment Guideline."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3388",
        "datePublished": "2022-11-21T00:00:00.000Z",
        "dateReserved": "2022-09-30T00:00:00.000Z",
        "dateUpdated": "2025-07-23T20:45:00.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29922 (GCVE-0-2022-29922)

    Vulnerability from nvd – Published: 2022-09-14 17:03 – Updated: 2025-06-04 15:06
    VLAI
    Title
    A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...
    Summary
    Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10
    Affected: 10.1
    Affected: 10.1.1
    Affected: 10.2
    Affected: 10.2.1
    Affected: 10.3
    Affected: 10.3.1
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: unspecified , ≤ 9.2 FP2 Hotfix 4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:33:43.179Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:06:18.636818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-04T15:06:31.593Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                },
                {
                  "status": "affected",
                  "version": "10.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.2"
                },
                {
                  "status": "affected",
                  "version": "10.2.1"
                },
                {
                  "status": "affected",
                  "version": "10.3"
                },
                {
                  "status": "affected",
                  "version": "10.3.1"
                }
              ]
            },
            {
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.2 FP2 Hotfix 4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T17:03:34.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply general mitigation factors as specify in the advisory."
            }
          ],
          "x_ConverterErrors": {
            "TITLE": {
              "error": "TITLE too long. Truncating in v5 record.",
              "message": "Truncated!"
            }
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2022-09-06T14:30:00.000Z",
              "ID": "CVE-2022-29922",
              "STATE": "PUBLIC",
              "TITLE": "A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MicroSCADA X SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MicroSCADA Pro SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.2 FP2 Hotfix 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply general mitigation factors as specify in the advisory."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-29922",
        "datePublished": "2022-09-14T17:03:34.160Z",
        "dateReserved": "2022-04-29T00:00:00.000Z",
        "dateUpdated": "2025-06-04T15:06:31.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29492 (GCVE-0-2022-29492)

    Vulnerability from nvd – Published: 2022-09-14 17:07 – Updated: 2025-06-04 15:03
    VLAI
    Title
    A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...
    Summary
    Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10
    Affected: 10.1
    Affected: 10.1.1
    Affected: 10.2
    Affected: 10.2.1
    Affected: 10.3
    Affected: 10.3.1
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: unspecified , ≤ 9.2 FP2 Hotfix 4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.982Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:03:06.930475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-04T15:03:09.994Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                },
                {
                  "status": "affected",
                  "version": "10.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.2"
                },
                {
                  "status": "affected",
                  "version": "10.2.1"
                },
                {
                  "status": "affected",
                  "version": "10.3"
                },
                {
                  "status": "affected",
                  "version": "10.3.1"
                }
              ]
            },
            {
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.2 FP2 Hotfix 4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T17:07:31.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply general mitigation factors as specify in the advisory."
            }
          ],
          "x_ConverterErrors": {
            "TITLE": {
              "error": "TITLE too long. Truncating in v5 record.",
              "message": "Truncated!"
            }
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2022-09-06T14:30:00.000Z",
              "ID": "CVE-2022-29492",
              "STATE": "PUBLIC",
              "TITLE": "A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MicroSCADA X SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MicroSCADA Pro SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.2 FP2 Hotfix 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply general mitigation factors as specify in the advisory."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-29492",
        "datePublished": "2022-09-14T17:07:31.147Z",
        "dateReserved": "2022-04-29T00:00:00.000Z",
        "dateUpdated": "2025-06-04T15:03:09.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3980 (GCVE-0-2024-3980)

    Vulnerability from cvelistv5 – Published: 2024-08-27 12:42 – Updated: 2025-08-27 21:24
    VLAI
    Summary
    The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10.0 , ≤ 10.5 (custom)
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: 9.4 FP2 HF1 , ≤ 9.4 FP2 HF5 (custom)
    Affected: 9.4 FP1 (custom)
    Create a notification for this product.
    hitachienergy microscada_sys600 Affected: 10.0 , ≤ 10.5 (custom)
        cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "microscada_sys600",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5",
                    "status": "affected",
                    "version": "10.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:10:05.924302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:24:22.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "10.5",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.4 FP2 HF5",
                  "status": "affected",
                  "version": "9.4 FP2 HF1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "9.4 FP1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."
                }
              ],
              "value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-38",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA X SYS600"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA Pro SYS600"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T13:35:30.374Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-3980",
        "datePublished": "2024-08-27T12:42:41.124Z",
        "dateReserved": "2024-04-19T12:45:24.793Z",
        "dateUpdated": "2025-08-27T21:24:22.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4872 (GCVE-0-2024-4872)

    Vulnerability from cvelistv5 – Published: 2024-08-27 12:37 – Updated: 2025-08-27 21:30
    VLAI
    Summary
    A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10.0 , ≤ 10.5 (custom)
    Unaffected: 10.3 vulnerability patch 2025_01 (custom)
    Unaffected: 10.4 vulnerability patch 2025_01 (custom)
    Unaffected: 10.5 vulnerability patch 2025_01 (custom)
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: 9.4 FP2 HF1 , ≤ 9.4 FP2 HF5 (custom)
    Create a notification for this product.
    hitachienergy microscada_sys600 Affected: 10.0 , ≤ 10.5 (custom)
        cpe:2.3:a:hitachienergy:microscada_sys600:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:microscada_sys600:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "microscada_sys600",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5",
                    "status": "affected",
                    "version": "10.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4872",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T13:40:43.456014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:30:14.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "10.5",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "10.3 vulnerability patch 2025_01",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "10.4 vulnerability patch 2025_01",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "10.5 vulnerability patch 2025_01",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.4 FP2 HF5",
                  "status": "affected",
                  "version": "9.4 FP2 HF1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability\nan attacker must have a valid credential.\n\n\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability\nan attacker must have a valid credential."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA X SYS600"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MicroSCADA Pro SYS600"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-943",
                  "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T14:01:46.020Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-4872",
        "datePublished": "2024-08-27T12:37:28.958Z",
        "dateReserved": "2024-05-14T14:41:23.177Z",
        "dateUpdated": "2025-08-27T21:30:14.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3388 (GCVE-0-2022-3388)

    Vulnerability from cvelistv5 – Published: 2022-11-21 00:00 – Updated: 2025-07-23 20:45
    VLAI
    Title
    Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products
    Summary
    An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role."
                }
              ],
              "value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-23",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-23 File Content Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T04:28:13.552Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2\u0026nbsp;Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1.\u003cbr\u003e\n\nA requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least\nthe SYS600 9.4 FP2 Hotfix 4 installed.\u003cbr\u003e\u003cbr\u003e \n\nCPE:\u0026nbsp;\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*\n\n\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2\u00a0Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1.\n\n\nA requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least\nthe SYS600 9.4 FP2 Hotfix 4 installed.\n\n \n\nCPE:\u00a0\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For SYS600 10.x update to at least SYS600 version 10.4.1\nOr apply general mitigation factors.\u003cbr\u003e\u003cbr\u003e\n\n\nCPE:\u0026nbsp;\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "For SYS600 10.x update to at least SYS600 version 10.4.1\nOr apply general mitigation factors.\n\n\n\n\nCPE:\u00a0\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*"
            }
          ],
          "source": {
            "advisory": "8DBD000123",
            "discovery": "INTERNAL"
          },
          "title": "Input Validation Vulnerability in Hitachi Energy\u2019s MicroSCADA Pro/X SYS600 Products",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Recommended security practices and firewall configurations can help protect a process control network from\nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and\nare separated from other networks by means of a firewall system that has a minimal number of ports exposed,\nand others that have to be evaluated case by case. Process control systems should not be used for Internet\nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be\u0026nbsp;carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.\nWe recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X\nCyber Security Deployment Guideline.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Recommended security practices and firewall configurations can help protect a process control network from\nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and\nare separated from other networks by means of a firewall system that has a minimal number of ports exposed,\nand others that have to be evaluated case by case. Process control systems should not be used for Internet\nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be\u00a0carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.\nWe recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X\nCyber Security Deployment Guideline."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3388",
        "datePublished": "2022-11-21T00:00:00.000Z",
        "dateReserved": "2022-09-30T00:00:00.000Z",
        "dateUpdated": "2025-07-23T20:45:00.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29492 (GCVE-0-2022-29492)

    Vulnerability from cvelistv5 – Published: 2022-09-14 17:07 – Updated: 2025-06-04 15:03
    VLAI
    Title
    A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...
    Summary
    Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10
    Affected: 10.1
    Affected: 10.1.1
    Affected: 10.2
    Affected: 10.2.1
    Affected: 10.3
    Affected: 10.3.1
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: unspecified , ≤ 9.2 FP2 Hotfix 4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.982Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:03:06.930475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-04T15:03:09.994Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                },
                {
                  "status": "affected",
                  "version": "10.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.2"
                },
                {
                  "status": "affected",
                  "version": "10.2.1"
                },
                {
                  "status": "affected",
                  "version": "10.3"
                },
                {
                  "status": "affected",
                  "version": "10.3.1"
                }
              ]
            },
            {
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.2 FP2 Hotfix 4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T17:07:31.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply general mitigation factors as specify in the advisory."
            }
          ],
          "x_ConverterErrors": {
            "TITLE": {
              "error": "TITLE too long. Truncating in v5 record.",
              "message": "Truncated!"
            }
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2022-09-06T14:30:00.000Z",
              "ID": "CVE-2022-29492",
              "STATE": "PUBLIC",
              "TITLE": "A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MicroSCADA X SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MicroSCADA Pro SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.2 FP2 Hotfix 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply general mitigation factors as specify in the advisory."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-29492",
        "datePublished": "2022-09-14T17:07:31.147Z",
        "dateReserved": "2022-04-29T00:00:00.000Z",
        "dateUpdated": "2025-06-04T15:03:09.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29922 (GCVE-0-2022-29922)

    Vulnerability from cvelistv5 – Published: 2022-09-14 17:03 – Updated: 2025-06-04 15:06
    VLAI
    Title
    A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...
    Summary
    Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MicroSCADA X SYS600 Affected: 10
    Affected: 10.1
    Affected: 10.1.1
    Affected: 10.2
    Affected: 10.2.1
    Affected: 10.3
    Affected: 10.3.1
    Create a notification for this product.
    Hitachi Energy MicroSCADA Pro SYS600 Affected: unspecified , ≤ 9.2 FP2 Hotfix 4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:33:43.179Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:06:18.636818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-04T15:06:31.593Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MicroSCADA X SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                },
                {
                  "status": "affected",
                  "version": "10.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.2"
                },
                {
                  "status": "affected",
                  "version": "10.2.1"
                },
                {
                  "status": "affected",
                  "version": "10.3"
                },
                {
                  "status": "affected",
                  "version": "10.3.1"
                }
              ]
            },
            {
              "product": "MicroSCADA Pro SYS600",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "9.2 FP2 Hotfix 4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T17:03:34.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply general mitigation factors as specify in the advisory."
            }
          ],
          "x_ConverterErrors": {
            "TITLE": {
              "error": "TITLE too long. Truncating in v5 record.",
              "message": "Truncated!"
            }
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2022-09-06T14:30:00.000Z",
              "ID": "CVE-2022-29922",
              "STATE": "PUBLIC",
              "TITLE": "A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MicroSCADA X SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.2.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MicroSCADA Pro SYS600",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.2 FP2 Hotfix 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Remediated in SYS600 10.4 \nFor MicroSCADA Pro SYS600  - Upgrade to at least SYS600 version 10.4.\nFor MicroSCADA X SYS600  - Update to at least SYS600 version 10.4."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply general mitigation factors as specify in the advisory."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-29922",
        "datePublished": "2022-09-14T17:03:34.160Z",
        "dateReserved": "2022-04-29T00:00:00.000Z",
        "dateUpdated": "2025-06-04T15:06:31.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }