CVE-2023-5768
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
04/12/2023
Last modified:
07/12/2023
Description
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. <br />
Incomplete or wrong received APDU frame layout may <br />
cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer <br />
with wrong length information of APDU or delayed reception <br />
of data octets.<br />
<br />
<br />
Only communication link of affected HCI IEC 60870-5-104 <br />
is blocked. If attack sequence stops the communication to <br />
the previously attacked link gets normal again.<br />
<br />
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* | 12.0.1 (including) | 12.0.14 (including) |
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* | 12.2.1 (including) | 12.2.11 (including) |
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* | 12.4.1 (including) | 12.4.11 (including) |
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* | 12.6.1 (including) | 12.6.9 (including) |
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* | 12.7.1 (including) | 12.7.6 (including) |
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* | 13.2.1 (including) | 13.2.6 (including) |
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* | 13.4.1 (including) | 13.4.3 (including) |
cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* | 12.0.1 (including) | 12.0.14 (including) |
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* | 12.2.1 (including) | 12.2.11 (including) |
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* | 12.4.1 (including) | 12.4.11 (including) |
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* | 12.6.1 (including) | 12.6.9 (including) |
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* | 12.7.1 (including) | 12.7.6 (including) |
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* | 13.2.1 (including) | 13.2.6 (including) |
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* | 13.4.1 (including) | 13.4.3 (including) |
To consult the complete list of CPE names with products and versions, see this page