

Rewterz Threat Advisory – CVE-2023-26269 – Apache James Server Vulnerability
April 3, 2023
Rewterz Threat Advisory – Multiple Samba Vulnerabilities
April 3, 2023
Severity
High
Analysis Summary
CVE-2022-3686 CVSS:4.8
Hitachi SDM600 could allow a remote attacker to bypass security restrictions, caused by a flaw in the API permission check mechanism. By running multiple parallel requests, an attacker could exploit this vulnerability to gain access to device data, causing confidentiality and integrity issues.
CVE-2022-3685 CVSS:7.5
Hitachi SDM600 could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-3684 CVSS:7.5
Hitachi SDM600 is vulnerable to a denial of service. By running multiple parallel requests, a remote attacker could exploit this vulnerability to cause the SDM600 web services to become busy, rendering the application unresponsive.
CVE-2022-3683 CVSS:7.7
Hitachi SDM600 could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the API web services authorization validation implementation. By sending a specially crafted request, an attacker could exploit this vulnerability to read data directly from a data store.
CVE-2022-3682 CVSS:9.9
Hitachi SDM600 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the file permission validation. By gaining access to the system and uploading a specially crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-3686
- CVE-2022-3685
- CVE-2022-3684
- CVE-2022-3683
- CVE-2022-3682
Affected Vendors
Hitachi
Affected Products
- Hitachi Energy SDM600
Remediation
Refer to the ABB document for patch, upgrade, or suggested workaround information.