Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Relion_670_firmware
(Hitachienergy)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-04 | CVE-2022-3864 | A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service. | Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware | 4.5 | ||
| 2023-12-01 | CVE-2023-4518 | A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured. | Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware | 7.5 | ||
| 2023-02-21 | CVE-2022-3353 | A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * ... | Fox615_tego1_firmware, Gms600_firmware, Itt600_sa_explorer, Modular_switchgear_monitoring_firmware, Pwc600_firmware, Reb500_firmware, Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware, Rtu500_firmware, Sys600_firmware, Txpert_hub_coretec_4_firmware, Txpert_hub_coretec_5_firmware | 7.5 | ||
| 2019-11-27 | CVE-2019-18253 | An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | Relion_670_firmware | 10.0 | ||
| 2019-11-27 | CVE-2019-18247 | An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. | Relion_650_firmware, Relion_670_firmware | 7.5 | ||
| 2021-06-14 | CVE-2021-27196 | Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds.... | Fox615_tego1_firmware, Gms600_firmware, Modular_switchgear_monitoring_firmware, Pwc600_firmware, Reb500_firmware, Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware, Rtu500_firmware | 7.5 | ||
| 2021-11-18 | CVE-2021-35534 | Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware,... | Gms600_firmware, Pwc600_firmware, Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware | 7.2 | ||
| 2021-11-18 | CVE-2021-35535 | Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This... | Relion_650_firmware, Relion_670_firmware, Relion_sam600\-Io_firmware | 8.1 |