A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.
Existe una vulnerabilidad en la función HCI Modbus TCP incluida en las versiones de producto enumeradas anteriormente. Si HCI Modbus TCP está habilitado y configurado, un atacante podría aprovechar la vulnerabilidad enviando un mensaje especialmente manipulado a la RTU500 a alta velocidad, lo que provocaría que la CMU RTU500 objetivo se reiniciara. La vulnerabilidad se debe a una falta de control de inundaciones que eventualmente, si se explota, provoca un desbordamiento de pila interna en la función HCI Modbus TCP.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-787
|
| [email protected] | Primary |
en
CWE-787
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cc627640> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cc624680> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cc5c0cc0> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9b0c3e980> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cc624a40> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cc624340> | Operating System |
| hitachienergy | rtu520_firmware | 13.3.1 | <built-in method update of dict object at 0x72a9cc556f40> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc625ec0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9b0c9a680> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc6277c0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc7ee300> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc625dc0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc5762c0> | Operating System |
| hitachienergy | rtu530_firmware | 13.3.1 | <built-in method update of dict object at 0x72a9cc7ee980> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9b0c99000> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9b0735a00> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc627440> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc626140> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc575800> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9b0c3df00> | Operating System |
| hitachienergy | rtu540_firmware | 13.3.1 | <built-in method update of dict object at 0x72a9e4177b40> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cc5760c0> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cc5769c0> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9e6d10e00> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cdc855c0> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9b0c9ab80> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cc627980> | Operating System |
| hitachienergy | rtu560_firmware | 13.3.1 | <built-in method update of dict object at 0x72a9b0c9be40> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:13.3.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:13.3.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:13.3.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:13.3.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:* |