CVE-2022-3864

4.5MEDIUM

Key Information

Vendor: Hitachi
Status: Relion 670/650/sam600-io Series
Vendor: CVE Published:; 4 January 2024

Summary

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Affected Version(s)

Relion 670/650/SAM600-IO Series = Relion 670/650 series version 2.2.0 all revisions

Relion 670/650/SAM600-IO Series = Relion 670/650/SAM600-IO series version 2.2.1 all revisions

Relion 670/650/SAM600-IO Series = Relion 670 series version 2.2.2 all revisions

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 4, 2024
Vulnerability Reserved.
Nov 4, 2022

Collectors

NVD DatabaseMitre Database