A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Hitachi Energy
Published: 2023-07-26T05:25:27.002Z
Updated: 2024-08-03T00:39:07.853Z
Reserved: 2022-07-21T06:25:31.199Z
Link: CVE-2022-2502
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-26T06:15:09.760
Modified: 2023-08-03T19:26:16.343
Link: CVE-2022-2502
Redhat
No data.