← Back

CVE-2022-3864

nvd nist
Published: Jan 4, 2024Modified: Nov 21, 2024

JSON object

Loading...
4.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Exploitability: 0.9 / Impact: 3.6
Source: NVD

Description

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Affected (11)

Hitachienergy
3 products
Relion 650 Firmware
Relion 670 Firmware
Relion Sam600 Io Firmware
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hitachienergy
Relion 650 Firmware
Version 2.2.0
Relion 650 Firmware
Version 2.2.1
Relion 650 Firmware
Version 2.2.4
Relion 650 Firmware
Version 2.2.5
Running on/withPlatform Versions
Hitachienergy
Relion 650
All versions
Configuration B
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hitachienergy
Relion 670 Firmware
Version 2.2.0
Relion 670 Firmware
Version 2.2.1
Relion 670 Firmware
Version 2.2.2
Relion 670 Firmware
Version 2.2.3
Relion 670 Firmware
Version 2.2.4
Relion 670 Firmware
Version 2.2.5
Running on/withPlatform Versions
Hitachienergy
Relion 670
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Relion Sam600 Io Firmware
Version 2.2.1
Running on/withPlatform Versions
Hitachienergy
Relion Sam600 Io
All versions

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

Source: cybersecurity@hitachienergy.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.