What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-1778.

What is the severity level of CVE-2022-1778?

The severity level of CVE-2022-1778 is high.

What software is affected by CVE-2022-1778?

The Hitachi Energy MicroSCADA X SYS600 software is affected by CVE-2022-1778.

How does CVE-2022-1778 impact the SYS600?

CVE-2022-1778 causes a buffer overflow in the SYS600, which leads to a failure to start the system.

Is administrator access required to exploit CVE-2022-1778?

Yes, administrator access is required to access the specific configuration file that triggers the vulnerability.

Vulnerability/
CVE-2022-1778

critical

CWE

119 20

14/9/2022

25/9/2024

CVE-2022-1778: A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...

First published: Wed Sep 14 2022(Updated: )

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Credit: cybersecurity@hitachienergy.com cybersecurity@hitachienergy.com

Affected Software	Affected Version	How to fix
Hitachienergy Microscada X Sys600	>=10.0<=10.3.1
Hitachienergy Sys600
All of
Hitachienergy Microscada X Sys600	>=10.0<=10.3.1
Hitachienergy Sys600

Remedy

Remediated in SYS600 10.4 Update to at least SYS600 version 10.4.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-1778.
What is the severity level of CVE-2022-1778?
The severity level of CVE-2022-1778 is high.
What software is affected by CVE-2022-1778?
The Hitachi Energy MicroSCADA X SYS600 software is affected by CVE-2022-1778.
How does CVE-2022-1778 impact the SYS600?
CVE-2022-1778 causes a buffer overflow in the SYS600, which leads to a failure to start the system.
Is administrator access required to exploit CVE-2022-1778?
Yes, administrator access is required to access the specific configuration file that triggers the vulnerability.

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
agent/title
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/references
agent/tags
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/hitachienergy
canonical/hitachienergy microscada x sys600
version/hitachienergy microscada x sys600/10.0
version/hitachienergy microscada x sys600/10.3.1
canonical/hitachienergy sys600