Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).
References
Link | Resource |
---|---|
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
16 May 2023, 21:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:abb:rtu500_firmware:12.0:*:*:*:*:*:*:* cpe:2.3:o:abb:rtu500_firmware:12.2:*:*:*:*:*:*:* |
cpe:2.3:o:hitachienergy:rtu500_firmware:12.0:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:rtu500_firmware:12.2:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:rtu500_firmware:12.4:*:*:*:*:*:*:* |
19 Apr 2023, 15:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:* |
30 Nov 2021, 19:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.1
v3 : 7.5 |
References | (CONFIRM) https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory | |
CPE | cpe:2.3:o:abb:rtu500_firmware:12.0:*:*:*:*:*:*:* cpe:2.3:o:abb:rtu500_firmware:12.4:*:*:*:*:*:*:* cpe:2.3:h:abb:rtu500:-:*:*:*:*:*:*:* cpe:2.3:o:abb:rtu500_firmware:12.2:*:*:*:*:*:*:* |
|
CWE | CWE-20 |
26 Nov 2021, 17:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-26 17:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-35533
Mitre link : CVE-2021-35533
CVE.ORG link : CVE-2021-35533
JSON object : View
Products Affected
hitachienergy
- rtu500
- rtu500_firmware
CWE
CWE-20
Improper Input Validation