PT-2022-5036 · Hitachi Energy · Hitachi Energy Microscada X Sys600
Published: 2022-04-29 · Updated: 2022-10-05 · CVE-2022-29492
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Hitachi Energy MicroSCADA Pro SYS600 versions 9.0 through 9.4 FP2 Hotfix 4
Hitachi Energy MicroSCADA X SYS600 versions 10 through 10.3.1
Description
The issue is caused by improper input validation in the handling of malformed IEC 104 TCP packets. When a malformed packet is received, the packet is dropped but the TCP connection is left open, which can cause a denial of service if the affected connection remains open.
Recommendations
For Hitachi Energy MicroSCADA Pro SYS600 versions 9.0 through 9.4 FP2 Hotfix 4, update to a version later than 9.4 FP2 Hotfix 4.
For Hitachi Energy MicroSCADA X SYS600 versions 10 through 10.3.1, update to a version later than 10.3.1.
As a temporary workaround, consider restricting access to the IEC 104 TCP connection to minimize the risk of exploitation.
Fix
Improper Resource Release
RCE
Affected Products
Hitachi Energy Microscada X Sys600