Vulnerability in stb-language file handling affects RTU500 series products

CVE-2024-1531

8.2HIGH

Key Information

Vendor: Hitachi
Status: Rtu500 Series Cmu Firmware
Vendor: CVE Published:; 27 March 2024

Summary

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.

Affected Version(s)

RTU500 series CMU firmware <= 12.0.14

RTU500 series CMU firmware <= 12.2.11

RTU500 series CMU firmware <= 12.4.11

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Mar 27, 2024
Vulnerability Reserved.
Feb 15, 2024

Collectors

NVD DatabaseMitre Database