Buffer Overflow Vulnerability in RTU500 Series by Hitachi Energy
CVE-2023-6711

7.5HIGH

Key Information:

Vendor: Hitachi
Status: Rtu500 Series Cmu Firmware
Vendor: CVE Published:; 19 December 2023

Summary

A vulnerability has been identified in the RTU500 series, where specially crafted messages sent to the SCI IEC 60870-5-104 and HCI IEC 60870-5-104 components are inadequately validated. This oversight can lead to a buffer overflow, potentially resulting in the unexpected reboot of an RTU500 CMU, disrupting crucial industrial control operations.

Affected Version(s)

RTU500 series CMU Firmware 12.0.1 <= 12.0.14

RTU500 series CMU Firmware 12.2.1 <= 12.2.11

RTU500 series CMU Firmware 12.4.1 <= 12.4.11

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2023
Vulnerability Reserved
Dec 12, 2023