Hitachienergy Relion 650 Firmware vulnerabilities
7 known vulnerabilities affecting hitachienergy/relion_650_firmware.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH6MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-27196P3HIGHCVSS 7.5≥ 1.3, < 1.3.0.7≥ 2.2.0, < 2.2.0.13+4 more2021-06-14
CVE-2021-27196 [HIGH] CWE-20 CVE-2021-27196: Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different
nvd
CVE-2021-35534P3HIGHCVSS 7.2v1.0.0v1.1.0+7 more2021-11-18
CVE-2021-35534 [HIGH] CWE-274 CVE-2021-35534: Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to by
nvd
CVE-2021-35535P3HIGHCVSS 8.1v2.2.0v2.2.1+1 more2021-11-18
CVE-2021-35535 [HIGH] CWE-1188 CVE-2021-35535: Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an
Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to ap
nvd
CVE-2022-3353P3HIGHCVSS 7.5v1.1v1.3+7 more2023-02-21
CVE-2022-3353 [HIGH] CWE-404 CVE-2022-3353: A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.
An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.
Already existing/established client-server connections ar
nvd
CVE-2023-4518P3HIGHCVSS 7.5≥ 2.2.4, < 2.2.4.4≥ 2.2.5, < 2.2.5.6+2 more2023-12-01
CVE-2023-4518 [HIGH] CWE-1284 CVE-2023-4518: A vulnerability exists in the input validation of the GOOSE messages where out of range values rece
A vulnerability exists in the input validation of the GOOSE
messages where out of range values received and processed
by the IED caused a reboot of the device. In order for an
attacker to exploit the vulnerability, goose receiving blocks need
to be configured.
nvd
CVE-2019-18247P3HIGHCVSS 7.5≤ 1.3.0.52019-11-27
CVE-2019-18247 [HIGH] CWE-20 CVE-2019-18247: An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and pri
An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service.
nvd
CVE-2022-3864P4MEDIUMCVSS 4.5v2.2.0v2.2.1+2 more2024-01-04
CVE-2022-3864 [MEDIUM] CWE-347 CVE-2022-3864: A vulnerability exists in the Relion update package signature validation. A tampered update package
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.
An attacker could exploit the vulnerability by first gaining access to
the system with security privileges and attempt to update the IED
with a malicious update package
nvd