Rewterz

Rewterz Threat Advisory – ICS: Hitachi Energy IED Connectivity Packages and PCM600 Products Vulnerability

November 30, 2022
Rewterz

Rewterz Threat Advisory – CVE-2021-35587 – Oracle Fusion Middleware Access Manager Vulnerability

November 30, 2022

Rewterz Threat Advisory – ICS: Hitachi Energy MicroSCADA Pro/X SYS600 Products Vulnerability

Severity

High

Analysis Summary

CVE-2022-3388

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user could launch an administrator level remote code execution regardless of the authenticated user’s role.

Impact

Unauthorized Access

Indicators Of Compromise

CVE

  • CVE-2022-3388

Affected Vendors

Mitsubishi Electric

Affected Products

  • SYS600 10.4 and earlier
  • SYS600 9.4 FP2 Hotfix 4 and earlier versions

Remediation

Refer to CISA-CERT Advisory for the patch, upgrade, or suggested workaround information.
CISA-CERT Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.