CVE-2023-6711

Summary

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRTU500 series CMU Firmware12.0.1 <= 12.0.14affected
Hitachi EnergyRTU500 series CMU Firmware12.2.1 <= 12.2.11affected
Hitachi EnergyRTU500 series CMU Firmware12.4.1 <= 12.4.11affected
Hitachi EnergyRTU500 series CMU Firmware12.6.1 <= 12.6.9affected
Hitachi EnergyRTU500 series CMU Firmware12.7.1 <= 12.7.6affected
Hitachi EnergyRTU500 series CMU Firmware13.2.1 <= 13.2.6affected
Hitachi EnergyRTU500 series CMU Firmware13.4.1 <= 13.4.3affected
Hitachi EnergyRTU500 series CMU Firmware13.5.1affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

References