cbcvebase.
CVE-2022-3864
published 2024-01-04

CVE-2022-3864: A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is…

PriorityP417medium4.5CVSS 3.1
AVNACLPRHUIRSUCNINAH
EPSS
0.35%
27.1th percentile
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Affected

17 ranges
VendorProductVersion rangeFixed in
hitachi_energyrelion_670_650_sam600-io_series
hitachi_energyrelion_670_650_sam600-io_series
hitachi_energyrelion_670_650_sam600-io_series
hitachi_energyrelion_670_650_sam600-io_series
hitachi_energyrelion_670_650_sam600-io_series
hitachi_energyrelion_670_650_sam600-io_series
hitachienergyrelion_650_firmware
hitachienergyrelion_650_firmware
hitachienergyrelion_650_firmware
hitachienergyrelion_650_firmware
hitachienergyrelion_670_firmware
hitachienergyrelion_670_firmware
hitachienergyrelion_670_firmware
hitachienergyrelion_670_firmware
hitachienergyrelion_670_firmware
hitachienergyrelion_670_firmware
hitachienergyrelion_sam600-io_firmware
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.