A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.
An attacker could exploit the vulnerability by first gaining access to
the system with security privileges and attempt to update the IED
with a malicious update package. Successful exploitation of this
vulnerability will cause the IED to restart, causing a temporary Denial of Service.
References
Link | Resource |
---|---|
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
10 Jan 2024, 16:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory | |
First Time |
Hitachienergy relion 650
Hitachienergy Hitachienergy relion Sam600-io Firmware Hitachienergy relion 670 Hitachienergy relion 670 Firmware Hitachienergy relion 650 Firmware Hitachienergy relion Sam600-io |
|
CPE | cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.5:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.0:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.3:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.0:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.5:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.1:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.4:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.2:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.4:*:*:*:*:*:*:* |
04 Jan 2024, 14:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-04 10:15
Updated : 2024-01-10 16:32
NVD link : CVE-2022-3864
Mitre link : CVE-2022-3864
CVE.ORG link : CVE-2022-3864
JSON object : View
Products Affected
hitachienergy
- relion_650_firmware
- relion_670_firmware
- relion_670
- relion_sam600-io_firmware
- relion_sam600-io
- relion_650
CWE
CWE-347
Improper Verification of Cryptographic Signature