Lucene search

[email protected]CVE-2023-5768

HistoryDec 04, 2023 - 3:15 p.m.

CVE-2023-5768

2023-12-0415:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-5768

vulnerability

hci iec 60870-5-104

link layer

rtu500

communication security

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below.
Incomplete or wrong received APDU frame layout may
cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer
with wrong length information of APDU or delayed reception
of data octets.

Only communication link of affected HCI IEC 60870-5-104
is blocked. If attack sequence stops the communication to
the previously attacked link gets normal again.

Affected configurations

NVD

Node

hitachienergyrtu520_firmwareRange12.0.1–12.0.14

hitachienergyrtu520_firmwareRange12.2.1–12.2.11

hitachienergyrtu520_firmwareRange12.4.1–12.4.11

hitachienergyrtu520_firmwareRange12.6.1–12.6.9

hitachienergyrtu520_firmwareRange12.7.1–12.7.6

hitachienergyrtu520_firmwareRange13.2.1–13.2.6

hitachienergyrtu520_firmwareRange13.4.1–13.4.3

AND

hitachienergyrtu520Match-

Node

hitachienergyrtu530_firmwareRange12.0.1–12.0.14

hitachienergyrtu530_firmwareRange12.2.1–12.2.11

hitachienergyrtu530_firmwareRange12.4.1–12.4.11

hitachienergyrtu530_firmwareRange12.6.1–12.6.9

hitachienergyrtu530_firmwareRange12.7.1–12.7.6

hitachienergyrtu530_firmwareRange13.2.1–13.2.6

hitachienergyrtu530_firmwareRange13.4.1–13.4.3

AND

hitachienergyrtu530Match-

Node

hitachienergyrtu540_firmwareRange12.0.1–12.0.14

hitachienergyrtu540_firmwareRange12.2.1–12.2.11

hitachienergyrtu540_firmwareRange12.4.1–12.4.11

hitachienergyrtu540_firmwareRange12.6.1–12.6.9

hitachienergyrtu540_firmwareRange12.7.1–12.7.6

hitachienergyrtu540_firmwareRange13.2.1–13.2.6

hitachienergyrtu540_firmwareRange13.4.1–13.4.3

AND

hitachienergyrtu540Match-

Node

hitachienergyrtu560_firmwareRange12.0.1–12.0.14

hitachienergyrtu560_firmwareRange12.2.1–12.2.11

hitachienergyrtu560_firmwareRange12.4.1–12.4.11

hitachienergyrtu560_firmwareRange12.6.1–12.6.9

hitachienergyrtu560_firmwareRange12.7.1–12.7.6

hitachienergyrtu560_firmwareRange13.2.1–13.2.6

hitachienergyrtu560_firmwareRange13.4.1–13.4.3

AND

hitachienergyrtu560Match-

CPENameOperatorVersion
hitachienergy:rtu520_firmwarehitachienergy rtu520 firmwarele12.0.14
hitachienergy:rtu520_firmwarehitachienergy rtu520 firmwarele12.2.11
hitachienergy:rtu520_firmwarehitachienergy rtu520 firmwarele12.4.11
hitachienergy:rtu520_firmwarehitachienergy rtu520 firmwarele12.6.9
hitachienergy:rtu520_firmwarehitachienergy rtu520 firmwarele12.7.6
hitachienergy:rtu520_firmwarehitachienergy rtu520 firmwarele13.2.6
hitachienergy:rtu520_firmwarehitachienergy rtu520 firmwarele13.4.3

CPE	Name	Operator	Version
hitachienergy:rtu520_firmware	hitachienergy rtu520 firmware	le	12.0.14
hitachienergy:rtu520_firmware	hitachienergy rtu520 firmware	le	12.2.11
hitachienergy:rtu520_firmware	hitachienergy rtu520 firmware	le	12.4.11
hitachienergy:rtu520_firmware	hitachienergy rtu520 firmware	le	12.6.9
hitachienergy:rtu520_firmware	hitachienergy rtu520 firmware	le	12.7.6
hitachienergy:rtu520_firmware	hitachienergy rtu520 firmware	le	13.2.6
hitachienergy:rtu520_firmware	hitachienergy rtu520 firmware	le	13.4.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "RTU500 series",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 12.0.1 – 12.0.14"
      },
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 12.2.1 – 12.2.11"
      },
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 12.4.1 – 12.4.11 "
      },
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 12.6.1 – 12.6.9 "
      },
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 12.7.1 – 12.7.6"
      },
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 13.2.1 – 13.2.6 "
      },
      {
        "status": "affected",
        "version": "RTU500 series CMU Firmware version 13.4.1 – 13.4.3 "
      }
    ]
  }
]

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-5768

nessus1 nvd1 prion1 cvelist1