Vulnerabilities > Hitachienergy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2022-2081 | Out-of-bounds Write vulnerability in Hitachienergy products A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. | 7.5 |
| 2024-01-04 | CVE-2022-3864 | Improper Verification of Cryptographic Signature vulnerability in Hitachienergy products A vulnerability exists in the Relion update package signature validation. | 4.5 |
| 2023-12-19 | CVE-2023-1514 | Improper Certificate Validation vulnerability in Hitachienergy Rtu500 Scripting Interface 1.0.1.30/1.0.2/1.1.1 A vulnerability exists in the component RTU500 Scripting interface. | 7.5 |
| 2023-12-19 | CVE-2023-6711 | Classic Buffer Overflow vulnerability in Hitachienergy Rtu500 Firmware Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. | 7.5 |
| 2023-12-14 | CVE-2023-5769 | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. | 6.1 |
| 2023-12-04 | CVE-2023-5767 | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. | 6.1 |
| 2023-12-04 | CVE-2023-5768 | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. | 6.1 |
| 2023-12-01 | CVE-2023-4518 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy products A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. | 7.5 |
| 2023-11-01 | CVE-2023-2621 | Path Traversal vulnerability in Hitachienergy Modular Advanced Control for Hvdc 5.0/7.10.0.0 The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. | 6.5 |
| 2023-11-01 | CVE-2023-2622 | Unspecified vulnerability in Hitachienergy Modular Advanced Control for Hvdc 7.10.0.0/7.17.0.0/7.18.0.0 Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. | 4.3 |