CVE-2022-3684

28.03.2023, 13:15

A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects:All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)

 

List of CPEs:


  *  cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Hitachi Energy	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Vendor	Product	Version
hitachienergy	sdm600	1.0 ≤ 𝑥 < 1.2.23000.291

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000138&LanguageCode=en&DocumentPartId=&Action=Launch