CVE-2021-35533

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hitachienergy:rtu500_firmware:12.0:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu500_firmware:12.2:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu500_firmware:12.4:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*

History

16 May 2023, 21:04

Type Values Removed Values Added
CPE cpe:2.3:o:abb:rtu500_firmware:12.4:*:*:*:*:*:*:*
cpe:2.3:o:abb:rtu500_firmware:12.0:*:*:*:*:*:*:*
cpe:2.3:o:abb:rtu500_firmware:12.2:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu500_firmware:12.0:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu500_firmware:12.2:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu500_firmware:12.4:*:*:*:*:*:*:*

19 Apr 2023, 15:32

Type Values Removed Values Added
CPE cpe:2.3:h:abb:rtu500:-:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*

30 Nov 2021, 19:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 7.1
v3 : 7.5
References (CONFIRM) https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch - (CONFIRM) https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory
CPE cpe:2.3:o:abb:rtu500_firmware:12.0:*:*:*:*:*:*:*
cpe:2.3:o:abb:rtu500_firmware:12.4:*:*:*:*:*:*:*
cpe:2.3:h:abb:rtu500:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:rtu500_firmware:12.2:*:*:*:*:*:*:*
CWE CWE-20

26 Nov 2021, 17:24

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-26 17:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-35533

Mitre link : CVE-2021-35533

CVE.ORG link : CVE-2021-35533


JSON object : View

Products Affected

hitachienergy

  • rtu500
  • rtu500_firmware
CWE
CWE-20

Improper Input Validation