← Back

CVE-2023-4518

nvd nist
Published: Dec 1, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.

Affected (11)

Hitachienergy
3 products
Relion 670 Firmware
Relion 650 Firmware
Relion Sam600 Io Firmware
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hitachienergy
Relion 670 Firmware
From 2.2.0 to 2.2.2.6
Relion 670 Firmware
From 2.2.3 to 2.2.3.7
Relion 670 Firmware
From 2.2.4 to 2.2.4.4
Relion 670 Firmware
From 2.2.5 to 2.2.5.6
Running on/withPlatform Versions
Hitachienergy
Relion 670
All versions
Configuration B
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hitachienergy
Relion 650 Firmware
From 2.2.4 to 2.2.4.4
Relion 650 Firmware
From 2.2.5 to 2.2.5.6
Relion 650 Firmware
Version 2.2.1.6
Relion 650 Firmware
Version 2.2.1
Running on/withPlatform Versions
Hitachienergy
Relion 650
All versions
Configuration C
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hitachienergy
Relion Sam600 Io Firmware
From 2.2.5 to 2.2.5.6
Relion Sam600 Io Firmware
Version 2.2.1.6
Relion Sam600 Io Firmware
Version 2.2.1
Running on/withPlatform Versions
Hitachienergy
Relion Sam600 Io
All versions

Related CWEs

CWE-1284
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (2)

Source: cybersecurity@hitachienergy.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.