Search criteria
1 vulnerability found for rtu500 by hitachienergy
VAR-202312-1753
Vulnerability from variot - Updated: 2025-02-14 23:10Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. Hitachi Energy of rtu500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Attackers can exploit the vulnerability to cause a buffer overflow and eventually cause the RTU500 CMU to restart
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1753",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.12.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.7.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.15.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.5.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.4.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.7.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.12.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.10.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.5.1.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.0.1.0 that\u0027s all 12.0.15.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.7.1.0 that\u0027s all 12.7.7.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.6.1.0 that\u0027s all 12.6.10.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.2.1.0 that\u0027s all 13.2.7.0"
},
{
"model": "rtu500",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.4.1.0 that\u0027s all 13.4.4.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.2.1.0 that\u0027s all 12.2.12.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.4.1.0 that\u0027s all 12.4.12.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.2.1,\u003c=12.2.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.4.1,\u003c=12.4.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.6.1,\u003c=12.6.9"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.7.1,\u003c=12.7.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.2.1,\u003c=13.2.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.0.1,\u003c=12.0.14"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.4.1,\u003c=13.4.3"
},
{
"model": "energy rtu500 series cmu",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"cve": "CVE-2023-6711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2025-02737",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-6711",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2023-6711",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-6711",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-6711",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-6711",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-6711",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-02737",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. Hitachi Energy of rtu500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Attackers can exploit the vulnerability to cause a buffer overflow and eventually cause the RTU500 CMU to restart",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6711"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6711",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU98968158",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-354-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02737",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"id": "VAR-202312-1753",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
]
},
"last_update_date": "2025-02-14T23:10:23.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 series CMU Firmware Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654811"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000184\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98968158/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6711"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-6711/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"date": "2023-12-19T15:15:09.257000",
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"date": "2024-12-23T03:23:00",
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"date": "2024-09-25T09:15:02.930000",
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0Energy\u00a0 of \u00a0rtu500\u00a0 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
}
],
"trust": 0.8
}
}