CVE-2022-3864: Medium Vulnerability in Hitachi Energy Relion Firmware

A medium-severity vulnerability in Hitachi Energy's Relion firmware could lead to a temporary Denial of Service. Organizations should prioritize patching to mitigate potential impacts.

MEDIUM · CVSS 4.5 · Published January 4, 2024

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart, the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

The vulnerability has been classified with a CVSS score of 4.5, indicating a medium severity level. This score reflects the potential impact on availability due to the temporary Denial of Service it may cause. The affected systems include various firmware versions of Hitachi Energy's Relion products, specifically versions 2.2.0 to 2.2.5 for both the 650 and 670 firmware, and version 2.2.1 for the SAM600-IO firmware.

Risk to organizations includes potential downtime and disruption of service, which can affect operations relying on these devices. Organizations should prioritize patching immediately to mitigate the risk associated with this vulnerability.

Currently, there are no known public exploits for this vulnerability, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. However, the presence of this vulnerability in networked environments warrants immediate attention.

Vulnerability Details

This vulnerability allows a privileged user to exploit the Relion update package signature validation. The potential attack vector is through the network, with low attack complexity required. The attacker must have high privileges and user interaction is necessary for exploitation.

The official CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H. The availability impact is rated high, indicating a significant effect on the device’s uptime during an exploitation attempt.

Technical Analysis

The root cause of this vulnerability is the improper validation of update package signatures, allowing an attacker with system access to replace a legitimate update with a malicious one. The attack vector is primarily network-based, meaning the attacker could initiate the exploit remotely.

Given that high privileges are required, this vulnerability is particularly concerning for environments where the integrity of firmware updates is critical. Successful exploitation leads to a temporary Denial of Service as the device restarts, but the system returns to normal operation after the restart.

Risk & Impact Analysis

Real-world deployment risk is significant, especially in critical infrastructure systems relying on Hitachi Energy's Relion products. The availability issue could disrupt operational continuity, potentially impacting services reliant on these devices.

The blast radius is concerning, as multiple versions of firmware across different devices are affected. Organizations should assess their deployment of Hitachi Energy products and prioritize remediation efforts based on this vulnerability’s severity.

Exploitation Status

| Signal | Status |
| --- | --- |
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |

Affected Versions

The following versions of Hitachi Energy Relion firmware are affected by this vulnerability:

- Relion 650 Firmware versions 2.2.0, 2.2.1, 2.2.4, 2.2.5
- Relion 670 Firmware versions 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5
- Relion SAM600-IO Firmware version 2.2.1

Mitigation & Remediation

Organizations should prioritize updating their systems to the latest firmware versions provided by Hitachi Energy to mitigate the risk associated with this vulnerability. If a patch is not available, consider implementing configuration hardening to restrict access to update functionalities.

Detection Guidance

Organizations should monitor logs for any unauthorized attempts to modify firmware packages. Detection mechanisms should look for behavioral anomalies indicative of tampering with update processes.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the increasing reliance on automated update mechanisms in critical infrastructure. This incident underscores the need for robust validation of update packages to prevent unauthorized modifications.

Security teams should consider implementing layered security practices, including regular audits of update processes and user access controls to minimize the risk associated with vulnerabilities such as this.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
