CVE-2022-3683

Name of the Vulnerable Software and Affected Versions Hitachi Energy System Data Manager SDM600 versions prior to 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)

Description A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.

Recommendations For SDM600 versions prior to 1.2 FP3 HF4 (Build Nr. 1.2.23000.291), update to version 1.2 FP3 HF4 or later to resolve the issue. As a temporary workaround, consider restricting access to the SDM600 API web services to minimize the risk of exploitation.