CVE-2022-28613

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The...

Information disclosure

A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy...

CVE-2022-28613

Hitachi Energy RTU500 CMU Firmware versions 12.0.–13.2. are affected by CVE-2022-28613 due to a validation error in the MBAP header length handling in the HCI Modbus TCP function. Exploitation could cause a reboot of the RTU500 CMU when HCI Modbus TCP is enabled, with CVSS v3.1 base score 7.5 (NE...

CVE-2022-28613 Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The...

PT-2022-2442 · Hitachi Energy · Rtu500 Series Cmu Firmware

Name of the Vulnerable Software and Affected Versions: Hitachi Energy RTU500 series CMU Firmware versions 12.0. through 13.2. Description: A vulnerability exists in the HCI Modbus TCP function, which can be exploited by sending a specially crafted message to the RTU500, causing it to reboot. This...

Hitachi Energy RTU500 输入验证错误漏洞

Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Ltd Hitachi, Japan. The Hitachi Energy RTU500 suffers from an input validation error vulnerability that stems from a length information validation error carried in MBAP. An attacker could exploit the vulnerability by...

The vulnerability of the Modbus protocol implementation in the intrusion detection system Snort, caused by integer overflows, allows attackers to trigger a service failure.

The vulnerability of the Modbus protocol implementation in the intrusion detection system Snort is caused by a numerical overflow condition. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause a service failure...

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System

Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service DoS condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and...

CVE-2022-28613

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The...

CVE-2021-30065

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401...

CVE-2021-30065

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401...

Code injection

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401...

CVE-2021-30065

CVE-2021-30065 affects Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 prior to 03.23 and TCSEFEA23F3F20/21, plus Belden Tofino Xenon Security Appliance. Root cause is an incomplete fix of CVE-2017-11401, enabling crafted ModBus packets to bypass the ModBus enforcer. Impact: bypass of...

CVE-2021-30065

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401...

Schneider Electric ConneXium Tofino Firewall 安全漏洞

Schneider Electric ConneXium Tofino Firewall is a firewall appliance from Schneider Electric France. A security vulnerability exists in the Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 prior to version 03.23 , TCSEFEA23F3F20/21 and Belden Tofino Xenon Security Appliance, which...

CVE-2022-1068

Modbus Tools Modbus Slave versions 7.4.2 and prior is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...

CVE-2022-1068

Modbus Tools Modbus Slave versions 7.4.2 and prior is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...

Stack overflow

Modbus Tools Modbus Slave versions 7.4.2 and prior is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...

CVE-2022-1068 Modbus Tools Modbus Slave Stack-Based Buffer Overflow

Modbus Tools Modbus Slave versions 7.4.2 and prior is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...

CVE-2022-1068 Modbus Tools Modbus Slave Stack-Based Buffer Overflow

Modbus Tools Modbus Slave versions 7.4.2 and prior is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...