VAR-202312-1566
Vulnerability from variot - Updated: 2025-02-14 23:00A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. RTU500 Scripting interface is part of the Hitachi Energy RTU500 series of industrial control components, mainly used to provide a script programming interface to achieve specific automation control and data processing functions. This interface supports the control of various functions of RTU500 through script programming, including data acquisition, execution of control commands, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1566",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.0.2"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.1.1"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "1.0.1.30"
},
{
"model": "rtu500 scripting interface",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "1.0.1.30"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "1.0.2"
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500 scripting interface",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "1.1.1"
},
{
"model": "energy rtu500 scripting interface",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "1.0.1.30"
},
{
"model": "energy rtu500 scripting interface",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "1.0.2"
},
{
"model": "energy rtu500 scripting interface",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "1.1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"cve": "CVE-2023-1514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2025-02738",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-1514",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-1514",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-1514",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-1514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-1514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-1514",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-02738",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted\u00a0and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. RTU500 Scripting interface is part of the Hitachi Energy RTU500 series of industrial control components, mainly used to provide a script programming interface to achieve specific automation control and data processing functions. This interface supports the control of various functions of RTU500 through script programming, including data acquisition, execution of control commands, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-1514"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-1514",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-331-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95579677",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02738",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"id": "VAR-202312-1566",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
]
},
"last_update_date": "2025-02-14T23:00:32.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 Scripting interface\u200c Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654816"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000152\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95579677/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1514"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-05"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-1514/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"date": "2023-12-19T15:15:08.037000",
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02738"
},
{
"date": "2024-11-28T04:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-023921"
},
{
"date": "2023-12-28T17:00:22.227000",
"db": "NVD",
"id": "CVE-2023-1514"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0Energy\u00a0 of \u00a0rtu500\u00a0scripting\u00a0interface\u00a0 Certificate validation vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023921"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…