Lucene search

Hitachi EnergyCVELIST:CVE-2022-4608

HistoryJul 26, 2023 - 5:26 a.m.

CVE-2022-4608

2023-07-2605:26:42

CWE-787

Hitachi Energy

www.cve.org

vulnerability

hci

iec 60870-5-104

rtu500 series

stack overflow

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.1%

JSON

A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "RTU500 series",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 13.3.1"
      },
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 13.3.2"
      },
      {
        "status": "unaffected",
        "version": "RTU500 series CMU Firmware version 13.3.3"
      },
      {
        "status": "unaffected",
        "version": "RTU500 series CMU Firmware version 13.4.1"
      }
    ]
  }
]

References

publisher.hitachienergy.com/preview?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.1%

JSON

Related for CVELIST:CVE-2022-4608