PT-2022-5035 · Hitachi Energy · Hitachi Energy MicroSCADA X SYS600
Published: 2022-07-01 · Updated: 2024-09-25 · CVE-2022-2277
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Hitachi Energy MicroSCADA X SYS600 versions 10.2 through 10.3.1
Description
The issue is an Improper Input Validation vulnerability in the ICCP stack of Hitachi Energy MicroSCADA X SYS600. It can cause a denial of service when the ICCP stack of SYS600 is requested to forward, to any remote ICCP system, any data item updates whose timestamps are too distant in the future. By default, ICCP is not configured and not enabled.
Recommendations
For Hitachi Energy MicroSCADA X SYS600 versions 10.2 through 10.3.1, consider disabling the ICCP stack until a patch is available to prevent potential denial-of-service attacks. Restrict access to the ICCP communication establishment to minimize the risk of exploitation. Avoid using the ICCP stack to forward data item updates with timestamps too distant in the future to any remote ICCP system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Resource Release
RCE
Related Identifiers
Affected Products
Hitachi Energy MicroSCADA X SYS600