CVE-2022-29492
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open.
This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0::::::: cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1::::::: cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2::::::: cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3::::::: cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4::::::: cpe:2.3:a:hitachienergy:microscada_x_sys600:10::::::: cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1::::::: cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1::::::: cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2::::::: cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1::::::: cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3::::::: cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::.
- SSVC automatable: yes - attacks can be scripted at scale
ATT&CK techniques
7Techniques this CVE enables - linked via CWECAPECATT&CK. High◆ = named directly in ATT&CK or Nuclei templates.
CAPEC attack patterns
12Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.