Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-2513
HistoryNov 22, 2022 - 11:15 a.m.

CVE-2022-2513

2022-11-2211:15:29
CWE-312
[email protected]
web.nvd.nist.gov
50
4
hitachi energy
pcm600
vulnerability
ied
connpack
credential storage
cve-2022-2513
cybersecurity
nvd

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.

Affected configurations

NVD
Node
hitachienergy650connectivitypackageMatch1.3.0
OR
hitachienergy650connectivitypackageMatch2.1.2
OR
hitachienergy650connectivitypackageMatch2.2.2
OR
hitachienergy650connectivitypackageMatch2.3.0
OR
hitachienergy650connectivitypackageMatch2.4.1
OR
hitachienergy670connectivitypackageMatch3.0.2
OR
hitachienergy670connectivitypackageMatch3.1.2
OR
hitachienergy670connectivitypackageMatch3.2.6
OR
hitachienergy670connectivitypackageMatch3.3.0
OR
hitachienergy670connectivitypackageMatch3.4.1
OR
hitachienergygms600connectivitypackageMatch1.3.0
OR
hitachienergygms600connectivitypackageMatch1.3.1
OR
hitachienergypcm600Range2.11
OR
hitachienergypwc600connectivitypackageMatch1.1.0
OR
hitachienergypwc600connectivitypackageMatch1.1.1
OR
hitachienergypwc600connectivitypackageMatch1.1.2
OR
hitachienergypwc600connectivitypackageMatch1.2.0
OR
hitachienergypwc600connectivitypackageMatch1.3.0
OR
hitachienergysam600ioconnectivitypackageMatch1.0.0
OR
hitachienergysam600ioconnectivitypackageMatch1.1.0
OR
hitachienergysam600ioconnectivitypackageMatch1.2.0
CPENameOperatorVersion
hitachienergy:650connectivitypackagehitachienergy 650connectivitypackageeq1.3.0
hitachienergy:650connectivitypackagehitachienergy 650connectivitypackageeq2.1.2
hitachienergy:650connectivitypackagehitachienergy 650connectivitypackageeq2.2.2
hitachienergy:650connectivitypackagehitachienergy 650connectivitypackageeq2.3.0
hitachienergy:650connectivitypackagehitachienergy 650connectivitypackageeq2.4.1
hitachienergy:670connectivitypackagehitachienergy 670connectivitypackageeq3.0.2
hitachienergy:670connectivitypackagehitachienergy 670connectivitypackageeq3.1.2
hitachienergy:670connectivitypackagehitachienergy 670connectivitypackageeq3.2.6
hitachienergy:670connectivitypackagehitachienergy 670connectivitypackageeq3.3.0
hitachienergy:670connectivitypackagehitachienergy 670connectivitypackageeq3.4.1
Rows per page:
1-10 of 211

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PCM600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "2.11 Hotfix 20220617",
        "status": "affected",
        "version": "v2.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "670 Connectivity Package",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "3.4.1",
        "status": "affected",
        "version": "3.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "650 Connectivity Package",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "2.4.1",
        "status": "affected",
        "version": "1.3",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAM600-IO Connectivity Package",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GMS600 Connectivity Package",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "1.3.1",
        "status": "affected",
        "version": "1.3",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PWC600 Connectivity Package",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "1.3",
        "status": "affected",
        "version": "1.1",
        "versionType": "semver"
      }
    ]
  }
]

Social References

More

Related

prion 1
cnvd 1
cvelist 1
nessus 1
nvd 1
ics 1
prion
prion
Design/Logic Flaw
2022-11-22 11:15:00
cnvd
cnvd
Hitachi Energy PCM600 Information Disclosure Vulnerability
2022-11-24 00:00:00
cvelist
cvelist
CVE-2022-2513 Cleartext Credentials Vulnerability on Hitachi Energy’s Multiple IED Connectivity Packages (IED ConnPacks) and PCM600 Products
2022-11-22 10:30:34
nessus
nessus
Hitachi Energy IED Connectivity Packages and PCM600 Products Cleartext Storage of Sensitive Information (CVE-2022-2513)
2022-11-30 00:00:00
nvd
nvd
CVE-2022-2513
2022-11-22 11:15:29
ics
ics
Hitachi Energy IED Connectivity Packages and PCM600 Products
2022-11-29 12:00:00

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CVE-2022-2513
prion1cnvd1cvelist1nessus1nvd1ics1