Vulnerability in Hitachi Energy Fox61x Tego1
CVE-2022-3353
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server co…
EPSS: 0.011 (61.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Hitachi Energy Fox61x Tego1 — versions tego1_r16a11, tego1_r15b08, tego1_r2a16_03
- Hitachi Energy Gms600 — versions GMS600 1.3
- Hitachi Energy Itt600 Sa Explorer — versions ITT600 SA Explorer 1.1.0, ITT600 SA Explorer 1.1.1, ITT600 SA Explorer 1.1.2
- Hitachi Energy Microscada X Sys600 — versions SYS600 10, SYS600 10.1, SYS600 10.1.1
- Hitachi Energy Msm — versions MSM 2.2.3;0
- Hitachi Energy Pwc600 — versions PWC600 1.0, PWC600 1.1, PWC600 1.2
- Hitachi Energy Reb500 — versions REB500 7.0, REB500 8.0, REB500 8.3.3.0
- Hitachi Energy Relion® 650 — versions Relion 650 1.1, Relion 650 1.3, Relion 650 2.1
- Hitachi Energy Relion® 670 — versions Relion 670 1.2, Relion 670 2.0, Relion 670 version 2.1
- Hitachi Energy Rtu500 — versions RTU500 12.0.1, RTU500 12.0.15, RTU500 12.2.1
Weakness classification (CWE)
References
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
- cybersecurity@hitachienergy.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2022-3353?
- CVE-2022-3353 is a medium-severity vulnerability in Hitachi Energy Fox61x Tego1, classified under Improper Resource Shutdown or Release. CVSS score: 5.9/10. Published 2023-02-21.
- How severe is CVE-2022-3353?
- Medium severity. CVSS v3 base score is 5.9 out of 10.