CVE-2022-28613

Summary

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRTU500 series CMU Firmware12.0.*affected
Hitachi EnergyRTU500 series CMU Firmware12.2.*affected
Hitachi EnergyRTU500 series CMU Firmware12.4.*affected
Hitachi EnergyRTU500 series CMU Firmware12.6.*affected
Hitachi EnergyRTU500 series CMU Firmware12.7.*affected
Hitachi EnergyRTU500 series CMU Firmware13.2.*affected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CVE Program Container

Additional References

References