Hitachienergy: Security Vulnerabilities
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below.
Incomplete or wrong received APDU frame layout may
cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer
with wrong length information of APDU or delayed reception
of data octets.
Only communication link of affected HCI IEC 60870-5-104
is blocked. If attack sequence stops the communication to
the previously attacked link gets normal again.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-04
A vulnerability exists in the input validation of the GOOSE
messages where out of range values received and processed
by the IED caused a reboot of the device. In order for an
attacker to exploit the vulnerability, goose receiving blocks need
to be configured.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-12-01
Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing
information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,
backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-01
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer
system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can
exploit this vulnerability by uploading a crafted ZIP archive via the
network to McFeeder’s service endpoint.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-01
Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote procedure call (RPC) of the InspectSetup
service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
CVSS Score
2.7
EPSS Score
0.001
Published
2023-11-01
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be
abused for enumerating the local file system structure.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-01
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against
web servers and deployed web applications.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-01
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.
CVSS Score
6.9
EPSS Score
0.0
Published
2023-09-11
A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-26
A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-26