CVE-2023-4518

Summary

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRelion670Relion 670 series version 2.2.0 all revisionsaffected
Hitachi EnergyRelion670Relion 670/650/SAM600-IO series version 2.2.1 all revisionsaffected
Hitachi EnergyRelion670elion 670 series version 2.2.2 all revisionsaffected
Hitachi EnergyRelion670Relion 670 series version 2.2.3 all revisionsaffected
Hitachi EnergyRelion670Relion 670/650 series version 2.2.4 all revisionsaffected
Hitachi EnergyRelion670Relion 670/650/SAM600-IO series version 2.2.5 all revisionsaffected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CVE Program Container

Additional References

References