Vulnerability Description
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachienergy | Microscada X Sys600 | >= 10.2, <= 10.3.1 |
| Hitachienergy | Sys600 | - |
Related Weaknesses (CWE)
References
- https://publisher.hitachienergy.com/preview?DocumentID=8DBD000106&LanguageCode=e
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=
FAQ
What is CVE-2022-2277?
CVE-2022-2277 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is requ...
How severe is CVE-2022-2277?
CVE-2022-2277 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2277?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Microscada X Sys600, Hitachienergy Sys600.