Stack Overflow Vulnerability in RTU500 Series by Hitachi Energy
CVE-2022-4608
7.5 HIGH
Summary
A stack overflow vulnerability exists in the HCI IEC 60870-5-104 function of specific RTU500 series versions configured with IEC 62351-3 support. When the session resumption interval expires, an update of session parameters initiated by the RTU500 can lead to unexpected restarts, potentially compromising the system's reliability.
Affected Version(s)
RTU500 series RTU500 series CMU Firmware version 13.3.1
RTU500 series RTU500 series CMU Firmware version 13.3.2
RTU500 series RTU500 series CMU Firmware version 13.3.3
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved