Skip to main content

Microscada X Sys600 CVE-2022-1778

MEDIUM
Buffer Overflow (CWE-119)
2022-09-14 cybersecurity@hitachienergy.com
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 14, 2022 - 18:15 nvd
MEDIUM 4.4

DescriptionNVD

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

AnalysisAI

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* Affected products include: Hitachienergy Microscada X Sys600. Version information: version 10.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2024-7940 CRITICAL
9.8 Aug 27

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rate

CVE-2024-4872 HIGH
8.8 Aug 27

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), t

CVE-2024-3980 HIGH
8.8 Aug 27

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that

CVE-2022-29490 HIGH
8.8 Sep 12

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an

CVE-2024-3982 HIGH
8.2 Aug 27

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging suppor

CVE-2022-3388 HIGH
7.8 Nov 21

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated h

CVE-2022-2277 HIGH
7.5 Sep 14

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP co

CVE-2022-29922 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item b

CVE-2022-29492 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCA

CVE-2025-39202 HIGH
7.3 Jun 24

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows

CVE-2025-39204 MEDIUM
6.5 Jun 24

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface

CVE-2025-39203 MEDIUM
6.5 Jun 24

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from

Share

CVE-2022-1778 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy