CVE-2022-3864
Published 2024-01-04
Priority P4 17 · medium · 4.5 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
EPSS 0.35% (27.1th percentile)
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.
An attacker could exploit the vulnerability by first gaining access to the system with security privileges and then attempting to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | relion_670_650_sam600-io_series | — | — |
| hitachi_energy | relion_670_650_sam600-io_series | — | — |
| hitachi_energy | relion_670_650_sam600-io_series | — | — |
| hitachi_energy | relion_670_650_sam600-io_series | — | — |
| hitachi_energy | relion_670_650_sam600-io_series | — | — |
| hitachi_energy | relion_670_650_sam600-io_series | — | — |
| hitachienergy | relion_650_firmware | — | — |
| hitachienergy | relion_650_firmware | — | — |
| hitachienergy | relion_650_firmware | — | — |
| hitachienergy | relion_650_firmware | — | — |
| hitachienergy | relion_670_firmware | — | — |
| hitachienergy | relion_670_firmware | — | — |
| hitachienergy | relion_670_firmware | — | — |
| hitachienergy | relion_670_firmware | — | — |
| hitachienergy | relion_670_firmware | — | — |
| hitachienergy | relion_670_firmware | — | — |
| hitachienergy | relion_sam600-io_firmware | — | — |
CISA ICS
Hitachi Energy Relion 670, 650 and SAM600-IO Series (Update B)
cisa_ics·2026-02-03·CVSS 4.5
CVE-2022-3864 [MEDIUM] Hitachi Energy Relion 670, 650 and SAM600-IO Series (Update B)
ICS Advisory
## Hitachi Energy Relion 670, 650 and SAM600-IO Series (Update B)
Last Revised: February 03, 2026
Alert Code: ICSA-23-068-05
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Hitachi Energy is aware of a report from Nozomi Networks Labs concerning the vulnerability CVE-2022-3864 affecting the Relion 670/650/SAM600-IO series versions listed below. Recommended actions for each affected version are listed in the “Recommended Immediate Actions” section of this document. An attacker who manages to get access with security privileges to the device can start the update mechanism, supplying a malicious update package to the IED. When the system attempts to verify the tampered update package, a crash
GHSA
GHSA-5pj9-g7qw-3qwv: A vulnerability exists in the Relion update package signature validation
ghsa_unreviewed·2024-01-04
CVE-2022-3864 [MEDIUM] CWE-347 GHSA-5pj9-g7qw-3qwv: A vulnerability exists in the Relion update package signature validation
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-01-04