What is the severity of CVE-2022-2081?

CVE-2022-2081 has been assigned a severity rating that depends on the potential impact of an attack exploiting the vulnerability.

How do I fix CVE-2022-2081?

To fix CVE-2022-2081, ensure that the HCI Modbus TCP function is disabled if not in use, and update to the latest firmware version provided by Hitachi Energy.

Which versions of firmware are affected by CVE-2022-2081?

CVE-2022-2081 affects Hitachi Energy RTU520, RTU530, RTU540, and RTU560 firmware versions within specific ranges as listed for each model.

What kind of attack can exploit CVE-2022-2081?

An attacker can exploit CVE-2022-2081 by sending specially crafted messages at a high rate to the affected RTU500 devices.

Is there a workaround for CVE-2022-2081?

A potential workaround for CVE-2022-2081 is to configure settings to minimize exposure, such as restricting network access to the HCI Modbus TCP function.

Vulnerability/
CVE-2022-2081

high

7.5

CWE

787

4/1/2024

25/9/2024

CVE-2022-2081

First published: Thu Jan 04 2024(Updated: )

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

Credit: cybersecurity@hitachienergy.com

Affected Software	Affected Version	How to fix
All of
Any of
Hitachienergy Rtu520 Firmware	>=12.0.1<=12.0.13
Hitachienergy Rtu520 Firmware	>=12.2.1<=12.2.11
Hitachienergy Rtu520 Firmware	>=12.4.1<=12.4.11
Hitachienergy Rtu520 Firmware	>=12.6.1<=12.6.7
Hitachienergy Rtu520 Firmware	>=12.7.1<=12.7.3
Hitachienergy Rtu520 Firmware	>=13.2.1<=13.2.4
Hitachienergy Rtu520 Firmware	=13.3.1
Hitachienergy Rtu520
All of
Any of
Hitachienergy Rtu530 Firmware	>=12.0.1<=12.0.13
Hitachienergy Rtu530 Firmware	>=12.2.1<=12.2.11
Hitachienergy Rtu530 Firmware	>=12.4.1<=12.4.11
Hitachienergy Rtu530 Firmware	>=12.6.1<=12.6.7
Hitachienergy Rtu530 Firmware	>=12.7.1<=12.7.3
Hitachienergy Rtu530 Firmware	>=13.2.1<=13.2.4
Hitachienergy Rtu530 Firmware	=13.3.1
Hitachienergy Rtu530
All of
Any of
Hitachienergy Rtu540 Firmware	>=12.0.1<=12.0.13
Hitachienergy Rtu540 Firmware	>=12.2.1<=12.2.11
Hitachienergy Rtu540 Firmware	>=12.4.1<=12.4.11
Hitachienergy Rtu540 Firmware	>=12.6.1<=12.6.7
Hitachienergy Rtu540 Firmware	>=12.7.1<=12.7.3
Hitachienergy Rtu540 Firmware	>=13.2.1<=13.2.4
Hitachienergy Rtu540 Firmware	=13.3.1
Hitachienergy Rtu540
All of
Any of
Hitachienergy Rtu560 Firmware	>=12.0.1<=12.0.13
Hitachienergy Rtu560 Firmware	>=12.2.1<=12.2.11
Hitachienergy Rtu560 Firmware	>=12.4.1<=12.4.11
Hitachienergy Rtu560 Firmware	>=12.6.1<=12.6.7
Hitachienergy Rtu560 Firmware	>=12.7.1<=12.7.3
Hitachienergy Rtu560 Firmware	>=13.2.1<=13.2.4
Hitachienergy Rtu560 Firmware	=13.3.1
Hitachienergy Rtu560

Never miss a vulnerability like this again

Reference Links

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch

Frequently Asked Questions

What is the severity of CVE-2022-2081?
CVE-2022-2081 has been assigned a severity rating that depends on the potential impact of an attack exploiting the vulnerability.
How do I fix CVE-2022-2081?
To fix CVE-2022-2081, ensure that the HCI Modbus TCP function is disabled if not in use, and update to the latest firmware version provided by Hitachi Energy.
Which versions of firmware are affected by CVE-2022-2081?
CVE-2022-2081 affects Hitachi Energy RTU520, RTU530, RTU540, and RTU560 firmware versions within specific ranges as listed for each model.
What kind of attack can exploit CVE-2022-2081?
An attacker can exploit CVE-2022-2081 by sending specially crafted messages at a high rate to the affected RTU500 devices.
Is there a workaround for CVE-2022-2081?
A potential workaround for CVE-2022-2081 is to configure settings to minimize exposure, such as restricting network access to the HCI Modbus TCP function.

agent/type
agent/event
agent/first-publish-date
agent/severity
agent/author
agent/references
agent/softwarecombine
agent/description
agent/tags
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/weakness
agent/last-modified-date
agent/source
vendor/hitachienergy
canonical/hitachienergy rtu520 firmware
version/hitachienergy rtu520 firmware/12.0.1
version/hitachienergy rtu520 firmware/12.0.13
version/hitachienergy rtu520 firmware/12.2.1
version/hitachienergy rtu520 firmware/12.2.11
version/hitachienergy rtu520 firmware/12.4.1
version/hitachienergy rtu520 firmware/12.4.11
version/hitachienergy rtu520 firmware/12.6.1
version/hitachienergy rtu520 firmware/12.6.7
version/hitachienergy rtu520 firmware/12.7.1
version/hitachienergy rtu520 firmware/12.7.3
version/hitachienergy rtu520 firmware/13.2.1
version/hitachienergy rtu520 firmware/13.2.4
version/hitachienergy rtu520 firmware/13.3.1
canonical/hitachienergy rtu520
canonical/hitachienergy rtu530 firmware
version/hitachienergy rtu530 firmware/12.0.1
version/hitachienergy rtu530 firmware/12.0.13
version/hitachienergy rtu530 firmware/12.2.1
version/hitachienergy rtu530 firmware/12.2.11
version/hitachienergy rtu530 firmware/12.4.1
version/hitachienergy rtu530 firmware/12.4.11
version/hitachienergy rtu530 firmware/12.6.1
version/hitachienergy rtu530 firmware/12.6.7
version/hitachienergy rtu530 firmware/12.7.1
version/hitachienergy rtu530 firmware/12.7.3
version/hitachienergy rtu530 firmware/13.2.1
version/hitachienergy rtu530 firmware/13.2.4
version/hitachienergy rtu530 firmware/13.3.1
canonical/hitachienergy rtu530
canonical/hitachienergy rtu540 firmware
version/hitachienergy rtu540 firmware/12.0.1
version/hitachienergy rtu540 firmware/12.0.13
version/hitachienergy rtu540 firmware/12.2.1
version/hitachienergy rtu540 firmware/12.2.11
version/hitachienergy rtu540 firmware/12.4.1
version/hitachienergy rtu540 firmware/12.4.11
version/hitachienergy rtu540 firmware/12.6.1
version/hitachienergy rtu540 firmware/12.6.7
version/hitachienergy rtu540 firmware/12.7.1
version/hitachienergy rtu540 firmware/12.7.3
version/hitachienergy rtu540 firmware/13.2.1
version/hitachienergy rtu540 firmware/13.2.4
version/hitachienergy rtu540 firmware/13.3.1
canonical/hitachienergy rtu540
canonical/hitachienergy rtu560 firmware
version/hitachienergy rtu560 firmware/12.0.1
version/hitachienergy rtu560 firmware/12.0.13
version/hitachienergy rtu560 firmware/12.2.1
version/hitachienergy rtu560 firmware/12.2.11
version/hitachienergy rtu560 firmware/12.4.1
version/hitachienergy rtu560 firmware/12.4.11
version/hitachienergy rtu560 firmware/12.6.1
version/hitachienergy rtu560 firmware/12.6.7
version/hitachienergy rtu560 firmware/12.7.1
version/hitachienergy rtu560 firmware/12.7.3
version/hitachienergy rtu560 firmware/13.2.1
version/hitachienergy rtu560 firmware/13.2.4
version/hitachienergy rtu560 firmware/13.3.1
canonical/hitachienergy rtu560