SDM600 endpoint vulnerability
CVE-2022-3684

7.5HIGH

Key Information:

Vendor: Hitachi
Status: Sdm600
Vendor: CVE Published:; 28 March 2023

What is CVE-2022-3684?

A denial of service vulnerability has been identified in the SDM600 endpoint by Hitachi Energy. The exploit occurs when an attacker sends multiple parallel requests, causing the SDM600 web services to become overburdened and eventually unresponsive. This vulnerability affects all SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291). It is crucial for organizations using these systems to evaluate their security posture and apply the necessary updates to mitigate potential disruptions.

Affected Version(s)

SDM600 SDM600 1.2

SDM600 SDM600 1.1

SDM600 SDM600 1.0

References

https://search.abb.com/library/Download.aspx?DocumentID=8...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2023
Vulnerability Reserved
Oct 26, 2022