CVE-2023-4518
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | Relion670 | Relion 670 series version 2.2.0 all revisions | affected |
| Hitachi Energy | Relion670 | Relion 670/650/SAM600-IO series version 2.2.1 all revisions | affected |
| Hitachi Energy | Relion670 | elion 670 series version 2.2.2 all revisions | affected |
| Hitachi Energy | Relion670 | Relion 670 series version 2.2.3 all revisions | affected |
| Hitachi Energy | Relion670 | Relion 670/650 series version 2.2.4 all revisions | affected |
| Hitachi Energy | Relion670 | Relion 670/650/SAM600-IO series version 2.2.5 all revisions | affected |
Weaknesses
- CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.