Vulnerabilities > CVE-2022-4608 - Out-of-bounds Write vulnerability in Hitachienergy Rtu500 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

hitachienergy

CWE-787

NVD

Published: 2023-07-26

Updated: 2024-09-25

Summary

A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow.

Vulnerable Configurations

Part	Description	Count
OS	Hitachienergy Hitachienergy Rtu500 Firmware 13.3.1 Hitachienergy Rtu500 Firmware 13.3.2 Hitachienergy Rtu500 Firmware 13.3.3 Hitachienergy Rtu500 Firmware 13.4.1	4
Hardware	Hitachienergy Hitachienergy Rtu500 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch