PT-2022-5037 · Hitachi Energy · Hitachi Energy MicroSCADA X SYS600

Published: 2022-04-29 · Updated: 2022-10-05 · CVE-2022-29922

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Hitachi Energy MicroSCADA Pro SYS600 versions 9.4 FP2 Hotfix 4 and earlier
Hitachi Energy MicroSCADA X SYS600 versions 10 through 10.3.1

Description

The issue is an Improper Input Validation vulnerability in the IEC 61850 OPC Server's handling of a specially crafted IEC 61850 packet that carries a valid data item but an incorrect data type. This vulnerability may cause a denial of service in the IEC 61850 OPC Server part of the SYS600 product.

Recommendations

For Hitachi Energy MicroSCADA Pro SYS600 versions 9.4 FP2 Hotfix 4 and earlier, update to a version later than 9.4 FP2 Hotfix 4. For Hitachi Energy MicroSCADA X SYS600 versions 10 through 10.3.1, update to a version later than 10.3.1. As a temporary workaround, consider restricting access to the IEC 61850 OPC Server to minimize the risk of exploitation.

Fix

Improper Resource Release

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-06257
CVE-2022-29922

Affected Products

Hitachi Energy MicroSCADA X SYS600