{ "id": "CVE-2022-2081", "sourceIdentifier": "cybersecurity@hitachienergy.com", "published": "2024-01-04T10:15:10.927", "lastModified": "2024-01-10T16:39:45.477", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function." }, { "lang": "es", "value": "Existe una vulnerabilidad en la funci\u00f3n HCI Modbus TCP incluida en las versiones de producto enumeradas anteriormente. Si HCI Modbus TCP est\u00e1 habilitado y configurado, un atacante podr\u00eda aprovechar la vulnerabilidad enviando un mensaje especialmente manipulado a la RTU500 a alta velocidad, lo que provocar\u00eda que la CMU RTU500 objetivo se reiniciara. La vulnerabilidad se debe a una falta de control de inundaciones que eventualmente, si se explota, provoca un desbordamiento de pila interna en la funci\u00f3n HCI Modbus TCP." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "cybersecurity@hitachienergy.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] }, { "source": "cybersecurity@hitachienergy.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-120" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.0.1", "versionEndIncluding": "12.0.13", "matchCriteriaId": "F5E23735-DB56-4C1E-8389-B06018CC4D9E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.1", "versionEndIncluding": "12.2.11", "matchCriteriaId": "2469A78A-6F37-4F4B-BED8-060914B2D0A4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.4.1", "versionEndIncluding": "12.4.11", "matchCriteriaId": "E9E6934B-EBB2-45FB-8E4A-7D360CBA0F92" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.6.1", "versionEndIncluding": "12.6.7", "matchCriteriaId": "A8966632-8645-43D6-AB52-8BC1C1BDB6DD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.7.1", "versionEndIncluding": "12.7.3", "matchCriteriaId": "F12F1A20-9D3C-4F2B-B538-8B4EABD288C9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.2.1", "versionEndIncluding": "13.2.4", "matchCriteriaId": "F7A0F9D4-E9ED-4351-8909-EEE689DE2BF4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1621CAF4-C18A-48B5-82AC-F8D09105656A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*", "matchCriteriaId": "11AF93AD-200F-47A6-BA2C-F82165AFB50D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.0.1", "versionEndIncluding": "12.0.13", "matchCriteriaId": "BB001482-F203-4731-A6DD-6BCE3C1338CA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.1", "versionEndIncluding": "12.2.11", "matchCriteriaId": "79BC5D4A-09B2-41FB-962A-CF580181EB2C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.4.1", "versionEndIncluding": "12.4.11", "matchCriteriaId": "A30CDB2F-E0CC-4440-9E59-AB339F94996F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.6.1", "versionEndIncluding": "12.6.7", "matchCriteriaId": "56598D9D-5BCB-42C6-8705-AB79C4BD2A9A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.7.1", "versionEndIncluding": "12.7.3", "matchCriteriaId": "B4FDE92C-733F-4B52-8BE6-E37898B39075" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.2.1", "versionEndIncluding": "13.2.4", "matchCriteriaId": "2209D1D9-94CD-4D8B-BB80-39CC129FEEF4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BACEC63E-0548-483F-813E-C04F4C95970E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC6F9377-E6BB-4DEA-9D87-0AF792CBAC57" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.0.1", "versionEndIncluding": "12.0.13", "matchCriteriaId": "8F1F7579-050B-4216-A4D5-FD74C8A19618" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.1", "versionEndIncluding": "12.2.11", "matchCriteriaId": "803838B5-058E-436B-8CE5-BF711456F96B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.4.1", "versionEndIncluding": "12.4.11", "matchCriteriaId": "A0361A98-1496-4763-A489-DCAE0D0DF613" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.6.1", "versionEndIncluding": "12.6.7", "matchCriteriaId": "762AB8CE-068D-46D4-A275-154A2AC58E55" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.7.1", "versionEndIncluding": "12.7.3", "matchCriteriaId": "4DF9263A-D1DB-4899-99C2-88B59847C808" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.2.1", "versionEndIncluding": "13.2.4", "matchCriteriaId": "15B3C46C-0A5E-4142-A096-94A513DD8004" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8B2A709-9538-47C9-9E70-DBC1D2817E79" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EEFDEF0-883D-402B-9CD4-333A145E3C75" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.0.1", "versionEndIncluding": "12.0.13", "matchCriteriaId": "0708BD2D-FEA4-4C97-9C3A-B4E67EA3D926" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.1", "versionEndIncluding": "12.2.11", "matchCriteriaId": "6BDB5A36-9B2F-43F9-A81B-506C4660151F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.4.1", "versionEndIncluding": "12.4.11", "matchCriteriaId": "F25FBFD5-BC45-49C9-87D4-A9C05405490D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.6.1", "versionEndIncluding": "12.6.7", "matchCriteriaId": "0505DF4D-0B06-4E61-B756-C2B5D31B85A0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.7.1", "versionEndIncluding": "12.7.3", "matchCriteriaId": "9495E9A9-733C-4073-8B39-1A08A88B05A7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.2.1", "versionEndIncluding": "13.2.4", "matchCriteriaId": "269F1D56-A575-487D-B5ED-4E774C26BA3B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "530437F6-6F90-45D5-821C-B87C292C0CCC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*", "matchCriteriaId": "495DCBD6-D2D1-4295-81D1-6ACA1B2CA223" } ] } ] } ], "references": [ { "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch", "source": "cybersecurity@hitachienergy.com", "tags": [ "Vendor Advisory" ] } ] }