CVE-2023-4518

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/12/2023
Last modified:
23/09/2024

Description

A vulnerability exists in the input validation of the GOOSE <br /> messages where out of range values received and processed <br /> by the IED caused a reboot of the device. In order for an <br /> attacker to exploit the vulnerability, goose receiving blocks need <br /> to be configured.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* 2.2.0 (including) 2.2.2.6 (excluding)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* 2.2.3 (including) 2.2.3.7 (excluding)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* 2.2.4 (including) 2.2.4.4 (excluding)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* 2.2.5 (including) 2.2.5.6 (excluding)
cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:* 2.2.4 (including) 2.2.4.4 (excluding)
cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:* 2.2.5 (including) 2.2.5.6 (excluding)
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:* 2.2.5 (including) 2.2.5.6 (excluding)
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*