CVE-2022-3864 : A vulnerability exists in the Relion update package signature validation. A tamp

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Published 2024-01-04 10:15:11

Updated 2024-01-10 16:32:35

Source Hitachi Energy

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-3864

Hitachienergy » Relion Sam600-io Firmware » Version: 2.2.1
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion Sam600-io » Version: N/A
Hitachienergy » Relion 650 Firmware » Version: 2.2.0
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.0:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 650 » Version: N/A
Hitachienergy » Relion 650 Firmware » Version: 2.2.1
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 650 » Version: N/A
Hitachienergy » Relion 650 Firmware » Version: 2.2.4
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.4:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 650 » Version: N/A
Hitachienergy » Relion 650 Firmware » Version: 2.2.5
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.5:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 650 » Version: N/A
Hitachienergy » Relion 670 Firmware » Version: 2.2.0
cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.0:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 670 » Version: N/A
Hitachienergy » Relion 670 Firmware » Version: 2.2.1
cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 670 » Version: N/A
Hitachienergy » Relion 670 Firmware » Version: 2.2.2
cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.2:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 670 » Version: N/A
Hitachienergy » Relion 670 Firmware » Version: 2.2.3
cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 670 » Version: N/A
Hitachienergy » Relion 670 Firmware » Version: 2.2.4
cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.4:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 670 » Version: N/A
Hitachienergy » Relion 670 Firmware » Version: 2.2.5
cpe:2.3:o:hitachienergy:relion_670_firmware:2.2.5:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachienergy » Relion 670 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-3864

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 11 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-3864

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H	0.9	3.6	Hitachi Energy	2024-01-04
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
4.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H	0.9	3.6	NIST	2024-01-10
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-3864

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Assigned by:
- cybersecurity@hitachienergy.com (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2022-3864

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch

Hitachi Energy Publisher
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-3864

Products affected by CVE-2022-3864

Exploit prediction scoring system (EPSS) score for CVE-2022-3864

CVSS scores for CVE-2022-3864

CWE ids for CVE-2022-3864

References for CVE-2022-3864