A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Incomplete or wrong received APDU frame layout may cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer with wrong length information of APDU or delayed reception of data octets. Only communication link of affected HCI IEC 60870-5-104 is blocked. If attack sequence stops the communication to the previously attacked link gets normal again.
Existe una vulnerabilidad en HCI IEC 60870-5-104 que afecta a las versiones de productos RTU500 series que se enumeran a continuación. El diseño de la trama APDU recibida incompleta o incorrecta puede provocar el bloqueo en la capa de enlace. La razón del error fue un bloqueo interminable al leer tramas entrantes en la capa de enlace con información de longitud incorrecta de APDU o recepción retrasada de octetos de datos. Solo se bloquea el enlace de comunicación del HCI IEC 60870-5-104 afectado. Si la secuencia del ataque se detiene, la comunicación con el enlace previamente atacado vuelve a ser normal.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-79
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a999778500> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a999778300> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a99977b680> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cc76c440> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a999779f00> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9997797c0> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a999778840> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a99977ac00> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a999778fc0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a999779ec0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a949bec7c0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a99977ac80> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc76da40> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc76d900> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a999779a00> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc76f680> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a99977a2c0> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc76f200> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc76d000> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc76d6c0> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc76dbc0> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a99977bac0> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a949bec380> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a99977b900> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cc76f080> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cc76cec0> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a99977a180> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a949bec780> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:* |