First published: Mon May 02 2022
A vulnerability in the HCI Modbus TCP component of Hitachi Energy RTU500 series CMU Firmware, caused by a validation error in the length information carried in the MBAP header, allows an attacker to reboot the device by sending a specially crafted message. This issue affects Hitachi Energy RTU500 series CMU Firmware 12.0.*, 12.2.*, 12.4.*, 12.6.*, 12.7.* and 13.2.*.
Credit: cybersecurity@hitachienergy.com
Affected Software | Affected Version | How to fix |
---|---|---|
Abb Rtu500 Firmware | >=12.2.1.0, <12.2.12.0 | |
Hitachienergy Rtu500 Firmware | >=12.0.1.0, <12.0.14.0 | |
Hitachienergy Rtu500 Firmware | >=12.4.1.0, <12.4.12.0 | |
Hitachienergy Rtu500 Firmware | >=12.6.1.0, <12.6.8.0 | |
Hitachienergy Rtu500 Firmware | >=12.7.1.0, <12.7.4.0 | |
Hitachienergy Rtu500 Firmware | >=13.2.1.0, <13.2.5.0 | |
Hitachienergy Rtu500 | | |
Remediation available, see the advisory for details.
The vulnerability ID of this issue is CVE-2022-28613.
The severity of CVE-2022-28613 is high with a CVSS score of 7.5.
The affected software for CVE-2022-28613 includes Hitachi Energy RTU500 series CMU Firmware in the following version ranges, where each upper bound is itself excluded: 12.2.1.0 to 12.2.12.0, 12.0.1.0 to 12.0.14.0, 12.4.1.0 to 12.4.12.0, 12.6.1.0 to 12.6.8.0, 12.7.1.0 to 12.7.4.0, and 13.2.1.0 to 13.2.5.0.
The issue with the affected software is a validation error in the length information carried in the MBAP header, which allows an attacker to reboot the device by sending a specially crafted message.
To fix the vulnerability in Hitachi Energy RTU500 series CMU Firmware, it is recommended to update to a version that is not affected by the issue.
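As an added example (not code from Hitachi Energy or from this advisory), the following Python shows the kind of MBAP length check a protocol-aware filter or monitor in front of a Modbus TCP endpoint can apply to the header field named above. The 7-byte header layout and the 253-byte PDU limit come from the Modbus TCP specification; the function names, the problem codes, and the assumption that each buffer holds exactly one reassembled ADU are illustrative.

```python
import struct
from typing import List

MBAP_SIZE = 7        # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_PDU = 253        # Modbus limit on function code + data
MIN_LENGTH = 2       # unit id + function code
MAX_LENGTH = 1 + MAX_PDU   # unit id + largest PDU = 254


def check_mbap(adu: bytes) -> List[str]:
    """Return the header problems found in one buffered ADU (empty = consistent)."""
    if len(adu) < MBAP_SIZE:
        return ["truncated-header"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:MBAP_SIZE])
    problems = []
    if proto != 0:
        problems.append("protocol-id-not-modbus")
    if length < MIN_LENGTH:
        problems.append("length-below-minimum")
    elif length > MAX_LENGTH:
        problems.append("length-above-maximum")
    # The length field counts every byte after itself: unit id + PDU.
    if length != len(adu) - 6:
        problems.append("length-mismatch")
    return problems


def make_adu(length_field: int, pdu: bytes, tid: int = 1, unit: int = 1) -> bytes:
    """Build a constructed sample ADU with an explicitly chosen length field."""
    return struct.pack(">HHHB", tid, 0, length_field, unit) + pdu


# Constructed samples for the checker; none is claimed to reproduce the CVE trigger.
READ_REGS = bytes([0x03, 0x00, 0x00, 0x00, 0x0A])   # read 10 holding registers
SAMPLES = {
    "consistent": make_adu(6, READ_REGS),
    "length zero": make_adu(0, READ_REGS),
    "length oversized": make_adu(0xFFFF, READ_REGS),
    "length understated": make_adu(3, READ_REGS),
}

if __name__ == "__main__":
    for name, adu in SAMPLES.items():
        print(f"{name:20s} {check_mbap(adu) or 'ok'}")
```

On a live TCP stream an ADU can arrive split across segments, so a monitor should reassemble before treating `length-mismatch` as an alert.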