CVE-2023-6711
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | RTU500 series CMU Firmware | 12.0.1 <= 12.0.14 | affected |
| Hitachi Energy | RTU500 series CMU Firmware | 12.2.1 <= 12.2.11 | affected |
| Hitachi Energy | RTU500 series CMU Firmware | 12.4.1 <= 12.4.11 | affected |
| Hitachi Energy | RTU500 series CMU Firmware | 12.6.1 <= 12.6.9 | affected |
| Hitachi Energy | RTU500 series CMU Firmware | 12.7.1 <= 12.7.6 | affected |
| Hitachi Energy | RTU500 series CMU Firmware | 13.2.1 <= 13.2.6 | affected |
| Hitachi Energy | RTU500 series CMU Firmware | 13.4.1 <= 13.4.3 | affected |
| Hitachi Energy | RTU500 series CMU Firmware | 13.5.1 | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.