CVE-2023-4518

7.5HIGH

Key Information

Vendor: Hitachi
Status: Relion670
Vendor: CVE Published:; 1 December 2023

Summary

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.

Affected Version(s)

Relion670 <= Relion 670 series version 2.2.0 all revisions

Relion670 = Relion 670 series version 2.2.0 all revisions

Relion670 = Relion 670/650/SAM600-IO series version 2.2.1 all revisions

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 6.5 - (MEDIUM)
Sep 23, 2024
Vulnerability published.
Dec 1, 2023
Vulnerability Reserved.
Aug 24, 2023

Collectors

NVD DatabaseMitre Database