Vulnerability in stb-language file handling affects RTU500 series products
CVE-2024-1531

8.2HIGH

Key Information:

Vendor: Hitachi
Status: Rtu500 Series Cmu Firmware
Vendor: CVE Published:; 27 March 2024

Summary

A vulnerability in the stb-language file handling within Hitachi Energy's RTU500 series products poses a risk where a malicious actor can exploit the system by uploading a specially crafted stb-language file. This action may result in the unauthorized printing of random memory content into the RTU500 system log, potentially exposing sensitive information. Users of the affected RTU500 series versions are advised to remain vigilant and consider applying necessary security measures to mitigate this risk.

Affected Version(s)

RTU500 series CMU firmware 12.0.1 <= 12.0.14

RTU500 series CMU firmware 12.2.1 <= 12.2.11

RTU500 series CMU firmware 12.4.1 <= 12.4.11

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Feb 15, 2024