Details of VAR-202211-1567

ID

VAR-202211-1567

CVE

CVE-2022-2513

TITLE

Hitachi Energy PCM600 Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-86325

DESCRIPTION

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. Hitachi Energy PCM600 is a simplified management tool for protection and control relays from Hitachi, Japan. Hitachi Energy PCM600 has an information disclosure vulnerability. The vulnerability stems from the fact that IED credentials are stored in the PCM600 database in clear text

Trust: 1.53

sources: NVD: CVE-2022-2513 // CNVD: CNVD-2022-86325 // VULMON: CVE-2022-2513

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-86325

AFFECTED PRODUCTS

vendor:	hitachienergy	model:	670connectivitypackage	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	hitachienergy	model:	650connectivitypackage	scope:	eq	version:	2.4.1	Trust: 1.0
vendor:	hitachienergy	model:	670connectivitypackage	scope:	eq	version:	3.2.6	Trust: 1.0
vendor:	hitachienergy	model:	670connectivitypackage	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	hitachienergy	model:	gms600connectivitypackage	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	hitachienergy	model:	pcm600	scope:	lte	version:	2.11	Trust: 1.0
vendor:	hitachienergy	model:	pwc600connectivitypackage	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	hitachienergy	model:	pwc600connectivitypackage	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	hitachienergy	model:	pwc600connectivitypackage	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	hitachienergy	model:	sam600ioconnectivitypackage	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	hitachienergy	model:	670connectivitypackage	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	hitachienergy	model:	gms600connectivitypackage	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	hitachienergy	model:	sam600ioconnectivitypackage	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	hitachienergy	model:	pwc600connectivitypackage	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	hitachienergy	model:	650connectivitypackage	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	hitachienergy	model:	sam600ioconnectivitypackage	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	hitachienergy	model:	670connectivitypackage	scope:	eq	version:	3.4.1	Trust: 1.0
vendor:	hitachienergy	model:	650connectivitypackage	scope:	eq	version:	2.2.2	Trust: 1.0
vendor:	hitachienergy	model:	pwc600connectivitypackage	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	hitachienergy	model:	650connectivitypackage	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	hitachienergy	model:	650connectivitypackage	scope:	eq	version:	2.1.2	Trust: 1.0
vendor:	hitachi	model:	energy pcm600	scope:	eq	version:	2.6	Trust: 0.6
vendor:	hitachi	model:	energy relion	scope:	eq	version:	670>=3.0,<=3.4.1	Trust: 0.6
vendor:	hitachi	model:	energy relion	scope:	eq	version:	650>=1.3,<=2.4.1	Trust: 0.6
vendor:	hitachi	model:	energy relion sam600 io	scope:	gte	version:	1.0,<=1.2	Trust: 0.6
vendor:	hitachi	model:	energy gms600	scope:	gte	version:	1.3,<=1.3.1	Trust: 0.6
vendor:	hitachi	model:	energy pwc600	scope:	gte	version:	1.1,<=1.3	Trust: 0.6

sources: CNVD: CNVD-2022-86325 // NVD: CVE-2022-2513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-2513
value:	MEDIUM
Trust: 1.0
cybersecurity@hitachienergy.com:	CVE-2022-2513
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-86325
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202211-3282
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-86325
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-2513
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cybersecurity@hitachienergy.com:	CVE-2022-2513
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-86325 // CNNVD: CNNVD-202211-3282 // NVD: CVE-2022-2513 // NVD: CVE-2022-2513

PROBLEMTYPE DATA

problemtype:

CWE-312

Trust: 1.0

sources: NVD: CVE-2022-2513

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-3282

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3282

PATCH

title:	Patch for Hitachi Energy PCM600 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/365576	Trust: 0.6
title:	Hitachi Energy PCM600 Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=215778	Trust: 0.6

sources: CNVD: CNVD-2022-86325 // CNNVD: CNNVD-202211-3282

EXTERNAL IDS

db:	NVD	id:	CVE-2022-2513	Trust: 2.3
db:	CNVD	id:	CNVD-2022-86325	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3282	Trust: 0.6
db:	VULMON	id:	CVE-2022-2513	Trust: 0.1

sources: CNVD: CNVD-2022-86325 // VULMON: CVE-2022-2513 // CNNVD: CNNVD-202211-3282 // NVD: CVE-2022-2513

REFERENCES

url:	https://search.abb.com/library/download.aspx?documentid=8dbd000120&languagecode=en&documentpartid=&action=launch	Trust: 1.3
url:	https://publisher.hitachienergy.com/preview?documentid=8dbd000120&languagecode=en&documentpartid=&action=launch	Trust: 1.0
url:	https://cxsecurity.com/cveshow/cve-2022-2513/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-86325 // VULMON: CVE-2022-2513 // CNNVD: CNNVD-202211-3282 // NVD: CVE-2022-2513

SOURCES

db:	CNVD	id:	CNVD-2022-86325
db:	VULMON	id:	CVE-2022-2513
db:	CNNVD	id:	CNNVD-202211-3282
db:	NVD	id:	CVE-2022-2513

LAST UPDATE DATE

2024-08-14T13:21:26.845000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-86325	date:	2022-12-09T00:00:00
db:	VULMON	id:	CVE-2022-2513	date:	2022-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202211-3282	date:	2022-12-01T00:00:00
db:	NVD	id:	CVE-2022-2513	date:	2024-05-28T11:15:10.083

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-86325	date:	2022-12-07T00:00:00
db:	VULMON	id:	CVE-2022-2513	date:	2022-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202211-3282	date:	2022-11-22T00:00:00
db:	NVD	id:	CVE-2022-2513	date:	2022-11-22T11:15:29.027