February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC and MELIPC Series Vulnerabilities
November 30, 2022Rewterz Threat Advisory – ICS: Hitachi Energy MicroSCADA Pro/X SYS600 Products Vulnerability
November 30, 2022Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC and MELIPC Series Vulnerabilities
November 30, 2022Rewterz Threat Advisory – ICS: Hitachi Energy MicroSCADA Pro/X SYS600 Products Vulnerability
November 30, 2022
Severity
High
Analysis Summary
CVE-2022-2513
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 products in which IED credentials are stored in cleartext inside the PCM600 database. An unauthorized user who gains access to the exported backup file could exploit this vulnerability and obtain IED credentials, which could be used to perform unauthorized modifications, such as loading incorrect configurations, rebooting the IEDs, or causing a denial-of-service condition.
Impact
Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-2513
Affected Vendors
Mitsubishi Electric
Affected Products
- PCM600: v2.11 and previous versions,
- including hotfixes,
- 670 Connectivity Package: versions from 3.0 to 3.4.1,
- 650 Connectivity Package: versions from 1.3 to 2.4.1,
- SAM600-IO Connectivity Package: versions from 1.0 to 1.2,
- GMS600 Connectivity Package: versions from 1.3 to 1.3.1,
- PWC600 Connectivity Package: versions from 1.1 to 1.3
Remediation
Refer to CISA-CERT Advisory for the patch, upgrade, or suggested workaround information.