CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
82.5%
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7.
Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions;
10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500566);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2021-27196");
script_xref(name:"ICSA", value:"21-096-01");
script_name(english:"Hitachi Energy Relion 670, 650 and SAM600-IO Improper Input Validation (CVE-2021-27196)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Improper Input Validation vulnerability in Hitachi ABB Power Grids
Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO,
Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600
allows an attacker with access to the IEC 61850 network with knowledge
of how to reproduce the attack, as well as the IP addresses of the
different IEC 61850 access points (of IEDs/products), to force the
device to reboot, which renders the device inoperable for
approximately 60 seconds. This vulnerability affects only products
with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids
Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions
prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3
versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650
Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids
Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB
Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7.
Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi
ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x
version 8.x and prior versions; 9.x version 9.x and prior versions;
10.x version 10.x and prior versions; 11.x version 11.x and prior
versions; 12.x version 12.x and prior versions. Hitachi ABB Power
Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi
ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power
Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power
Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to
1.1.0.1.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e88a4149");
# https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?24dbfef8");
# https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9ecdc09");
# https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57a20c50");
# https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?59f45d28");
# https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ca5d1c3f");
# https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f5c70771");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-096-01");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Hitachi Energy recommends users apply relevant updates at their earliest convenience. Users should contact Hitachi
Energy to acquire firmware for a specific product version. Hitachi Energy has created the new versions to address this
vulnerability:
- Relion 670 series version 1.1: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932
mitigation section or upgrade to the latest product version.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 670 series version 1.2.3: Fixed in revision 670 1.2.3.20
- Relion 670 series version 2.0: Fixed in revision 670 2.0.0.13
- Relion 670 series version 2.1: Fixed in revision 670 2.1.0.5
- Relion 670/650 series version 2.2.0: Fixed in revision 670 2.2.0.13
- Relion 670/650/SAM600-IO series version 2.2.1: Fixed in revision 670 2.2.1.6
- Relion 670 series version 2.2.2: Fixed in revision 670 2.2.2.3
- Relion 670 series version 2.2.3: Fixed in revision 670 2.2.3.2
- Relion 650 series version 1.1: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932
mitigation section or upgrade to the latest product version.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 650 series version 1.2: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932
mitigation section or upgrade to product version 1.3.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 650 series version 1.3: Fixed in revision 650 1.3.0.7
Hitachi Energy recommends the following security practices and firewall configurations to help protect a process control
network from attacks originating outside the network:
- Physically protect process control systems from unauthorized direct access.
- Do not directly connect control systems networks to the internet.
- Separate process control systems from other networks using a firewall system with a minimal number of open ports.
- Do not use process control systems for internet surfing, instant messaging, or email.
- Carefully scan portable computers and removable storage media prior to connecting to a control system for malware.
- Ensure that only authorized personnel have access to the system configuration files.
More information on recommended practices can be found in the cybersecurity deployment guidelines for each product
version.
For more information, see Hitachi Energy advisory 9AKK107991A8932.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27196");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/14");
script_set_attribute(attribute:"patch_publication_date", value:"2021/06/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:reb500_firmware:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:reb500_firmware:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:1.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_sam600-io_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/ABB");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/ABB');
var asset = tenable_ot::assets::get(vendor:'ABB');
var vuln_cpes = {
"cpe:/o:hitachienergy:relion_670_firmware:1.2.3" :
{"versionEndExcluding" : "1.2.3.20", "versionStartIncluding" : "1.2.3", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.0" :
{"versionEndExcluding" : "2.0.0.13", "versionStartIncluding" : "2.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.0" :
{"versionEndExcluding" : "2.2.0.13", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.1" :
{"versionEndExcluding" : "2.2.1.6", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.2" :
{"versionEndExcluding" : "2.2.2.3", "versionStartIncluding" : "2.2.2", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.2.3" :
{"versionEndExcluding" : "2.2.3.2", "versionStartIncluding" : "2.2.3", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:1.1" :
{"versionEndIncluding" : "1.1", "versionStartIncluding" : "1.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_670_firmware:2.1" :
{"versionEndIncluding" : "2.1", "versionStartIncluding" : "2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:1.3" :
{"versionEndExcluding" : "1.3.0.7", "versionStartIncluding" : "1.3", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.2.0" :
{"versionEndExcluding" : "2.2.0.13", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.2.1" :
{"versionEndExcluding" : "2.2.1.6", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:1.1" :
{"versionEndIncluding" : "1.1", "versionStartIncluding" : "1.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:1.2" :
{"versionEndIncluding" : "1.2", "versionStartIncluding" : "1.2", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_650_firmware:2.1" :
{"versionEndIncluding" : "2.1", "versionStartIncluding" : "2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1" :
{"versionEndExcluding" : "2.2.1.6", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:reb500_firmware:7.3" :
{"versionEndExcluding" : "7.60.19", "versionStartIncluding" : "7.3", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:reb500_firmware:8.2" :
{"versionEndExcluding" : "8.2.0.5", "versionStartIncluding" : "8.2", "family" : "AbbRelion"},
"cpe:/o:hitachienergy:reb500_firmware:8.3" :
{"versionEndIncluding" : "8.3.1.0", "versionStartIncluding" : "8.3", "family" : "AbbRelion"},
"cpe:/o:abb:rtu500_firmware:7.0" :
{"versionEndExcluding" : "13.0", "versionStartIncluding" : "7.0", "family" : "AbbRTU500"},
"cpe:/o:abb:fox615_tego1_firmware" :
{"versionEndExcluding" : "r2a16", "family" : "AbbFox"},
"cpe:/o:abb:pm876_firmware" :
{"versionEndExcluding" : "2.37", "family" : "MelodyRack"},
"cpe:/o:abb:pm876-1_firmware" :
{"versionEndExcluding" : "2.37", "family" : "MelodyRack"},
"cpe:/o:abb:ci850_firmware" :
{"versionEndExcluding" : "a_3", "family" : "SDSeries"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
82.5%