Vulnerabilities > CVE-2022-28613 - Improper Validation of Specified Quantity in Input vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

abb

hitachienergy

CWE-1284

NVD

Published: 2022-05-02

Updated: 2024-09-25

Summary

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.

Vulnerable Configurations

Part	Description	Count
OS	Abb ABB Rtu500 Firmware 12.2.1.0 ABB Rtu500 Firmware 12.2.11.0	2
OS	Hitachienergy Hitachienergy Rtu500 Firmware 12.0.1.0 Hitachienergy Rtu500 Firmware 12.0.13.0 Hitachienergy Rtu500 Firmware 12.4.1.0 Hitachienergy Rtu500 Firmware 12.4.11.0 Hitachienergy Rtu500 Firmware 12.6.1.0 Hitachienergy Rtu500 Firmware 12.6.7.0 Hitachienergy Rtu500 Firmware 12.6.8.0 Hitachienergy Rtu500 Firmware 12.7.4.0 Hitachienergy Rtu500 Firmware 13.2.1.0 Hitachienergy Rtu500 Firmware 13.2.4.0	10
Hardware	Hitachienergy Hitachienergy Rtu500 -	1

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch