Vulnerabilities > Hitachienergy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-14 | CVE-2022-29922 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-2277 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. | 7.5 |
| 2022-09-12 | CVE-2022-29490 | Unspecified vulnerability in Hitachienergy Microscada X Sys600 Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. | 8.8 |
| 2022-07-25 | CVE-2021-40336 | Injection vulnerability in Hitachienergy Modular Switchgear Monitoring Firmware A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. | 8.8 |
| 2022-05-02 | CVE-2022-28613 | Improper Validation of Specified Quantity in Input vulnerability in multiple products A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. | 7.5 |
| 2021-11-26 | CVE-2021-35533 | Improper Input Validation vulnerability in Hitachienergy Rtu500 Firmware 12.0/12.2/12.4 Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. | 7.5 |
| 2021-08-20 | CVE-2021-35529 | Insufficiently Protected Credentials vulnerability in Hitachienergy products Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. | 7.2 |
| 2021-07-14 | CVE-2021-35527 | Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. | 7.5 |
| 2021-06-14 | CVE-2021-26845 | Incorrect Authorization vulnerability in Hitachienergy Esoms Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. | 7.5 |
| 2021-06-14 | CVE-2021-27196 | Improper Input Validation vulnerability in Hitachienergy products Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. | 7.5 |