nvd-json-data-feeds/CVE-2022/CVE-2022-17xx/CVE-2022-1778.json

{
  "id": "CVE-2022-1778",
  "sourceIdentifier": "cybersecurity@hitachienergy.com",
  "published": "2022-09-14T18:15:09.953",
  "lastModified": "2023-06-27T15:47:06.047",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Hitachi Energy MicroSCADA X SYS600 mientras es le\u00eddo un archivo de configuraci\u00f3n espec\u00edfico causa un desbordamiento del b\u00fafer que causa un fallo en el inicio del SYS600. S\u00f3lo puede accederse al archivo de configuraci\u00f3n mediante un acceso de administrador. Este problema afecta a: Hitachi Energy MicroSCADA X SYS600 versi\u00f3n 10 hasta 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*:*"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6
      },
      {
        "source": "cybersecurity@hitachienergy.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ]
    },
    {
      "source": "cybersecurity@hitachienergy.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "10.0",
              "versionEndIncluding": "10.3.1",
              "matchCriteriaId": "0566FCE7-F150-4DEC-A35C-A8A3EBEE8D3D"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:hitachienergy:sys600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B6499F-D82D-4B02-BBEC-60B36FB0C678"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch",
      "source": "cybersecurity@hitachienergy.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}