Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Relion 670/650/SAM600-IO Series by Hitachi Energy

    CVE-2022-3864 (GCVE-0-2022-3864)

    Vulnerability from nvd – Published: 2024-01-04 09:31 – Updated: 2024-08-27 15:19
    VLAI
    Summary
    A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy Relion 670/650/SAM600-IO Series Affected: Relion 670/650 series version 2.2.0 all revisions
    Affected: Relion 670/650/SAM600-IO series version 2.2.1 all revisions
    Affected: Relion 670 series version 2.2.2 all revisions
    Affected: Relion 670 series version 2.2.3 all revisions
    Affected: Relion 670/650 series version 2.2.4 all revisions
    Affected: Relion 670/650 series version 2.2.5 all revisions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:59.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T15:19:29.961351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T15:19:54.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Relion 670/650/SAM600-IO Series",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "Relion 670/650 series version 2.2.0 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670/650/SAM600-IO series version 2.2.1 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670 series version 2.2.2 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670 series version 2.2.3 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670/650 series version 2.2.4 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670/650 series version 2.2.5 all revisions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nA vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.\nAn attacker could exploit the vulnerability by first gaining access to\nthe system with security privileges and attempt to update the IED\nwith a malicious update package. Successful exploitation of this\nvulnerability will cause the IED to restart, causing a temporary Denial of Service.\n\n"
                }
              ],
              "value": "\nA vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.\nAn attacker could exploit the vulnerability by first gaining access to\nthe system with security privileges and attempt to update the IED\nwith a malicious update package. Successful exploitation of this\nvulnerability will cause the IED to restart, causing a temporary Denial of Service.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-186",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-186 Malicious Software Update"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-04T09:31:20.283Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3864",
        "datePublished": "2024-01-04T09:31:20.283Z",
        "dateReserved": "2022-11-04T15:07:18.438Z",
        "dateUpdated": "2024-08-27T15:19:54.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3864 (GCVE-0-2022-3864)

    Vulnerability from cvelistv5 – Published: 2024-01-04 09:31 – Updated: 2024-08-27 15:19
    VLAI
    Summary
    A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy Relion 670/650/SAM600-IO Series Affected: Relion 670/650 series version 2.2.0 all revisions
    Affected: Relion 670/650/SAM600-IO series version 2.2.1 all revisions
    Affected: Relion 670 series version 2.2.2 all revisions
    Affected: Relion 670 series version 2.2.3 all revisions
    Affected: Relion 670/650 series version 2.2.4 all revisions
    Affected: Relion 670/650 series version 2.2.5 all revisions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:59.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T15:19:29.961351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T15:19:54.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Relion 670/650/SAM600-IO Series",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "Relion 670/650 series version 2.2.0 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670/650/SAM600-IO series version 2.2.1 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670 series version 2.2.2 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670 series version 2.2.3 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670/650 series version 2.2.4 all revisions"
                },
                {
                  "status": "affected",
                  "version": "Relion 670/650 series version 2.2.5 all revisions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nA vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.\nAn attacker could exploit the vulnerability by first gaining access to\nthe system with security privileges and attempt to update the IED\nwith a malicious update package. Successful exploitation of this\nvulnerability will cause the IED to restart, causing a temporary Denial of Service.\n\n"
                }
              ],
              "value": "\nA vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.\nAn attacker could exploit the vulnerability by first gaining access to\nthe system with security privileges and attempt to update the IED\nwith a malicious update package. Successful exploitation of this\nvulnerability will cause the IED to restart, causing a temporary Denial of Service.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-186",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-186 Malicious Software Update"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-04T09:31:20.283Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3864",
        "datePublished": "2024-01-04T09:31:20.283Z",
        "dateReserved": "2022-11-04T15:07:18.438Z",
        "dateUpdated": "2024-08-27T15:19:54.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }