PT-2023-13314 · Hitachi Energy · Hitachi Energy Products

Published: 2023-02-21 · Updated: 2023-04-19 · CVE-2022-3353

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Hitachi Energy products (affected versions not specified)
fox61x tego1 versions r15b08 through r2a16
fox61x tego1 version r1e01
fox61x tego1 version r1d02
fox61x tego1 version r1c07
fox61x tego1 version r1b02
gms600 version 1.3.0
itt600 sa explorer versions 1.1 through 2.1.0.5
microscada x sys600 versions 10 through 10.4.1
mms version 2.2.3
pwc600 versions 1.0 through 1.2
reb500 versions 7 through 8
relion670 versions 1.2 through 2.2
relion650 versions 1.1 through 2.2
relionSAM600-IO versions 2.2.1 through 2.2.5
rtu500cmu versions 12 through 13
txpert hub coretec 4 versions 2 through 3.0
txpert hub coretec 5 version 3.0

Description

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence to force the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected.

Recommendations

As a temporary workaround, consider disabling the affected IEC 61850 MMS-server communication stack until a patch is available.
Restrict access to the vulnerable communication stack to minimize the risk of exploitation.
Avoid using the vulnerable message sequence in the affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Resource Release

Related Identifiers: CVE-2022-3353

Affected Products: Hitachi Energy Products