Vulnerability Details CVE-2022-29492
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.4%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2022-29492
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.0
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3
-
cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1
-
cpe:2.3:h:hitachienergy:sys600:-