SDM600 API permission check
CVE-2022-3686
4.8MEDIUM
Summary
A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
- cpe:2.3:a:hitachienergy:sdm600:1.0:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.1:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::*
- cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::*
Affected Version(s)
SDM600 SDM600 1.2
SDM600 SDM600 1.1
SDM600 SDM600 1.0
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved