IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
IEC 60870-5-104: Hay un potencial impacto de denegación de servicio en la recepción de una trama de formato U inválida. El producto solo se ve afectado si está configurada la funcionalidad bidireccional IEC 60870-5-104. Si se habilita la comunicación segura siguiendo la IEC 62351-3 no se remedia la vulnerabilidad, pero se mitiga el riesgo de explotación.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Attack Requirements | NONE |
| Privileges Required | NONE |
| User Interaction | NONE |
| Vulnerability Confidentiality | NONE |
| Vulnerability Integrity | NONE |
| Vulnerability Availability | HIGH |
| Subsequent Confidentiality | NONE |
| Subsequent Integrity | NONE |
| Subsequent Availability | NONE |
Source: [email protected]
Type: Secondary
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-184
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cd0c0f00> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9b0db6940> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9b0db67c0> | Operating System |
| hitachienergy | rtu540_firmware | * | <built-in method update of dict object at 0x72a9cc41ce00> | Operating System |
| hitachienergy | rtu540_firmware | 13.8.1 | <built-in method update of dict object at 0x72a9cd0c2300> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cd0c1100> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9b0db5140> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9cd0c0f40> | Operating System |
| hitachienergy | rtu560_firmware | * | <built-in method update of dict object at 0x72a9b0db57c0> | Operating System |
| hitachienergy | rtu560_firmware | 13.8.1 | <built-in method update of dict object at 0x72a9cd0c19c0> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cd0c2440> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9b0db4840> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cc46e0c0> | Operating System |
| hitachienergy | rtu520_firmware | * | <built-in method update of dict object at 0x72a9cd0c1a00> | Operating System |
| hitachienergy | rtu520_firmware | 13.8.1 | <built-in method update of dict object at 0x72a9cc46dfc0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cc41ec00> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9cd0c1dc0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9b0db70c0> | Operating System |
| hitachienergy | rtu530_firmware | * | <built-in method update of dict object at 0x72a9b0db5380> | Operating System |
| hitachienergy | rtu530_firmware | 13.8.1 | <built-in method update of dict object at 0x72a9b0c3fd00> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu540_firmware:13.8.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu560_firmware:13.8.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu520_firmware:13.8.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:hitachienergy:rtu530_firmware:13.8.1:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:* |