CVE-2022-3686

Name of the Vulnerable Software and Affected Versions Hitachi Energy System Data Manager SDM600 versions prior to 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)

Description A vulnerability exists in the SDM600 endpoint, where an attacker could exploit this issue by running multiple parallel requests, causing the SDM600 web services to become busy and rendering the application unresponsive. The vulnerability is related to deficiencies in the authorization procedure. This issue may allow a remote attacker to impact the confidentiality and integrity of information.

Recommendations For SDM600 versions prior to 1.2 FP3 HF4 (Build Nr. 1.2.23000.291), update to version 1.2 FP3 HF4 or later to resolve the issue. As a temporary workaround, consider restricting access to the SDM600 endpoint to minimize the risk of exploitation. Additionally, limiting the number of parallel requests to the SDM600 web services may help mitigate the issue until a patch is applied.