CVE-2022-3353 — MEDIUM (5.9)

Q: How severe is CVE-2022-3353?

CVE-2022-3353 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3353?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Sys600 Firmware, Hitachienergy Sys600, Hitachienergy Rtu500 Firmware, Hitachienergy Rtu500, Hitachienergy Reb500 Firmware.

Vulnerability Description

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hitachienergy	Sys600 Firmware	>= 10.1, <= 10.3.1
Hitachienergy	Sys600	-
Hitachienergy	Rtu500 Firmware	>= 12.0.1.0, <= 12.0.14.0
Hitachienergy	Rtu500	-
Hitachienergy	Reb500 Firmware	>= 7.0, < 8.3.3
Hitachienergy	Reb500	-
Hitachienergy	Pwc600 Firmware	1.0
Hitachienergy	Pwc600	-
Hitachienergy	Modular Switchgear Monitoring Firmware	<= 2.2.3
Hitachienergy	Modular Switchgear Monitoring	-
Hitachienergy	Itt600 Sa Explorer	1.1.0
Hitachienergy	Relion Sam600-Io Firmware	2.2.1
Hitachienergy	Relion Sam600-Io	-
Hitachienergy	Relion 650 Firmware	1.1
Hitachienergy	Relion 650	-
Hitachienergy	Relion 670 Firmware	1.2
Hitachienergy	Relion 670	-
Hitachienergy	Gms600 Firmware	1.3.0
Hitachienergy	Gms600	-
Hitachienergy	Fox615 Tego1 Firmware	r1b02

Related Weaknesses (CWE)

CWE-404

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000129&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000130&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000131&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000132&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000133&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000124&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000125&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000126&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000127&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000128&LanguageCode=Vendor Advisory

FAQ

What is CVE-2022-3353?

CVE-2022-3353 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequenc...

How severe is CVE-2022-3353?

CVE-2022-3353 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3353?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Sys600 Firmware, Hitachienergy Sys600, Hitachienergy Rtu500 Firmware, Hitachienergy Rtu500, Hitachienergy Reb500 Firmware.