PT-2022-17086 · Hitachi Energy · Pcm600

Published: 2022-11-22 · Updated: 2024-05-28 · CVE-2022-2513

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Hitachi Energy’s PCM600 product (affected versions not specified)

Description: A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function, where IED credentials are stored in cleartext in the database and log files. An attacker with access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, rebooting the IEDs, or causing a denial-of-service on the IEDs.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Cleartext Storage of Sensitive Information

Related Identifiers: CVE-2022-2513

Affected Products: Pcm600