CVE-2023-5768

Published: Dec 4, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Incomplete or wrong received APDU frame layout may cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer with wrong length information of APDU or delayed reception of data octets. Only communication link of affected HCI IEC 60870-5-104 is blocked. If attack sequence stops the communication to the previously attacked link gets normal again.

Affected (28)

Products: Hitachienergy: Rtu520 Firmware, Rtu530 Firmware, Rtu540 Firmware, Rtu560 Firmware

4 products

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu520 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu520 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu520 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu520 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu520 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu520 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu520 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu520	All versions

Configuration B

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu530 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu530 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu530 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu530 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu530 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu530 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu530 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu530	All versions

Configuration C

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu540 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu540 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu540 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu540 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu540 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu540 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu540 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu540	All versions

Configuration D

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu560 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu560 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu560 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu560 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu560 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu560 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu560 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu560	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.