CVE-2024-1531

Summary

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRTU500 series CMU firmware12.0.1 <= 12.0.14affected
Hitachi EnergyRTU500 series CMU firmware12.2.1 <= 12.2.11affected
Hitachi EnergyRTU500 series CMU firmware12.4.1 <= 12.4.11affected
Hitachi EnergyRTU500 series CMU firmware12.6.1 <= 12.6.9affected
Hitachi EnergyRTU500 series CMU firmware12.7.1 <= 12.7.6affected
Hitachi EnergyRTU500 series CMU firmware13.2.1 <= 13.2.6affected
Hitachi EnergyRTU500 series CMU firmware13.4.1 <= 13.4.4affected
Hitachi EnergyRTU500 series CMU firmware13.5.1 <= 13.5.3affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References