First published: Fri Dec 01 2023(Updated: )
A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.
Credit: cybersecurity@hitachienergy.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
Hitachienergy Relion 670 Firmware | >=2.2.0<2.2.2.6 | |
Hitachienergy Relion 670 Firmware | >=2.2.3<2.2.3.7 | |
Hitachienergy Relion 670 Firmware | >=2.2.4<2.2.4.4 | |
Hitachienergy Relion 670 Firmware | >=2.2.5<2.2.5.6 | |
Hitachienergy Relion 670 | ||
All of | ||
Any of | ||
Hitachienergy Relion 650 Firmware | >=2.2.4<2.2.4.4 | |
Hitachienergy Relion 650 Firmware | >=2.2.5<2.2.5.6 | |
Hitachienergy Relion 650 Firmware | =2.2.1 | |
Hitachienergy Relion 650 Firmware | =2.2.1.6 | |
Hitachienergy Relion 650 | ||
All of | ||
Any of | ||
Hitachienergy Relion Sam600-io Firmware | >=2.2.5<2.2.5.6 | |
Hitachienergy Relion Sam600-io Firmware | =2.2.1 | |
Hitachienergy Relion Sam600-io Firmware | =2.2.1.6 | |
Hitachienergy Relion Sam600-io |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-4518.
The severity of the vulnerability is high, with a severity value of 7.5.
The vulnerability affects Hitachienergy Relion 670 Firmware and Relion 650 Firmware.
The vulnerability can cause a reboot of the device if exploited.
It is recommended to refer to the vendor's website for available fixes and patches.