CVE-2022-2513: Cleartext Credentials Vulnerability on Hitachi Energy’s Multiple IED Connectivity Packages (IED ConnPacks) and PCM600 Products

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-2513

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cleartext Credentials Vulnerability on Hitachi Energy’s Multiple IED Connectivity Packages (IED ConnPacks) and PCM600 Products

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感数据的明文存储

Source: NVD (National Vulnerability Database)

Vulnerability Title

Hitachi Energy PCM600 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Hitachi Energy PCM600是日本日立制作所（Hitachi）公司的简化保护和控制继电器的管理工具。 Hitachi Energy PCM600存在安全漏洞。攻击者利用该漏洞获取IEDs的凭据。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Hitachi Energy	PCM600	v2.6 ~ 2.11 Hotfix 20220617	-
Hitachi Energy	670 Connectivity Package	3.0 ~ 3.4.1	-
Hitachi Energy	650 Connectivity Package	1.3 ~ 2.4.1	-
Hitachi Energy	SAM600-IO Connectivity Package	1.0 ~ 1.2	-
Hitachi Energy	GMS600 Connectivity Package	1.3 ~ 1.3.1	-
Hitachi Energy	PWC600 Connectivity Package	1.1 ~ 1.3	-

II. Public POCs for CVE-2022-2513

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-2513

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: PCM600

CVE-2021-22278
Certificate verification vulnerability in Update Manager of

Same vendor: Hitachi Energy

Same weakness: CWE-312

V. Comments for CVE-2022-2513

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-2513

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-2513

III. Intelligence Information for CVE-2022-2513

IV. Related Vulnerabilities

V. Comments for CVE-2022-2513

Leave a comment