Vulnerability Details CVE-2021-35533
Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 66.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.1
References
Products affected by CVE-2021-35533
-
cpe:2.3:h:hitachienergy:rtu500:-
-
cpe:2.3:o:hitachienergy:rtu500_firmware:12.0
-
cpe:2.3:o:hitachienergy:rtu500_firmware:12.2
-
cpe:2.3:o:hitachienergy:rtu500_firmware:12.4