CVE-2022-3353 : Security Advisory and Response

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence to force the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. Existing client-server connections are not affected. This vulnerability has a CVSS v3.1 base score of 5.9, falling under the attack complexity of HIGH and availability impact of HIGH.

Understanding CVE-2022-3353

This vulnerability impacts various Hitachi Energy products, exposing them to denial-of-service attacks that can disrupt critical infrastructure operations.

What is CVE-2022-3353?

The vulnerability in the IEC 61850 communication stack allows attackers to disrupt communication between MMS-server and client connections, affecting several Hitachi Energy products.

The Impact of CVE-2022-3353

Attackers can exploit this vulnerability to disrupt MMS-client connections, potentially causing operational downtime and impacting critical systems within affected infrastructures.

Technical Details of CVE-2022-3353

Vulnerability Description

The vulnerability arises from improper handling of specially crafted message sequences in the IEC 61850 communication stack, leading to denial of service.

Affected Systems and Versions

FOX61x TEGO1 versions: tego1_r15b08, tego1_r2a16_03, tego1_r2a16, tego1_r1e01, tego1_r1d02, tego1_r1c07, tego1_r1b02
GMS600 version: 1.3
ITT600 SA Explorer versions: 1.1.0 to 2.1.1
MicroSCADA X SYS600 versions: 10.0 to 10.4
MSM version: 2.2.3;0
PWC600 versions: 1.0 to 1.2
REB500 versions: 7.0, 8.0
Relion® 670 versions: 1.2 to 2.2.5
Relion® 650 versions: 1.1 to 2.2.5
SAM600-IO versions: 2.2.1, 2.2.5
RTU500 versions: 12.0.1 to 13.4.1
TXpert Hub CoreTec 4 versions: 2.0.* to 3.0.*
TXpert Hub CoreTec 5 version: 3.0.*

Exploitation Mechanism

Attackers can send maliciously crafted message sequences to trigger the vulnerability, disrupting MMS-server communication in the affected products.

Mitigation and Prevention

Immediate Steps to Take

Administrators are advised to upgrade the affected systems to the patched versions once remediated versions become available.

Long-Term Security Practices

Implement recommended security practices and firewall configurations to safeguard process control networks from external attacks. Avoid direct Internet connections, restrict network access, and scan portable devices for malware.

Patching and Updates

Regularly update and patch affected systems to address known vulnerabilities and enhance overall security posture.