CVE-2022-2081

Published: Jan 4, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

Affected (28)

Products: Hitachienergy: Rtu520 Firmware, Rtu530 Firmware, Rtu540 Firmware, Rtu560 Firmware

4 products

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu520 Firmware	From 12.0.1 to 12.0.13
Hitachienergy Rtu520 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu520 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu520 Firmware	From 12.6.1 to 12.6.7
Hitachienergy Rtu520 Firmware	From 12.7.1 to 12.7.3
Hitachienergy Rtu520 Firmware	From 13.2.1 to 13.2.4
Hitachienergy Rtu520 Firmware	Version 13.3.1

Running on/with	Platform Versions
Hitachienergy Rtu520	All versions

Configuration B

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu530 Firmware	From 12.0.1 to 12.0.13
Hitachienergy Rtu530 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu530 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu530 Firmware	From 12.6.1 to 12.6.7
Hitachienergy Rtu530 Firmware	From 12.7.1 to 12.7.3
Hitachienergy Rtu530 Firmware	From 13.2.1 to 13.2.4
Hitachienergy Rtu530 Firmware	Version 13.3.1

Running on/with	Platform Versions
Hitachienergy Rtu530	All versions

Configuration C

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu540 Firmware	From 12.0.1 to 12.0.13
Hitachienergy Rtu540 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu540 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu540 Firmware	From 12.6.1 to 12.6.7
Hitachienergy Rtu540 Firmware	From 12.7.1 to 12.7.3
Hitachienergy Rtu540 Firmware	From 13.2.1 to 13.2.4
Hitachienergy Rtu540 Firmware	Version 13.3.1

Running on/with	Platform Versions
Hitachienergy Rtu540	All versions

Configuration D

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu560 Firmware	From 12.0.1 to 12.0.13
Hitachienergy Rtu560 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu560 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu560 Firmware	From 12.6.1 to 12.6.7
Hitachienergy Rtu560 Firmware	From 12.7.1 to 12.7.3
Hitachienergy Rtu560 Firmware	From 13.2.1 to 13.2.4
Hitachienergy Rtu560 Firmware	Version 13.3.1

Running on/with	Platform Versions
Hitachienergy Rtu560	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.