VAR-202312-1753
Vulnerability from variot - Updated: 2025-02-14 23:10Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. Hitachi Energy of rtu500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Attackers can exploit the vulnerability to cause a buffer overflow and eventually cause the RTU500 CMU to restart
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1753",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.12.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.7.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.2.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.15.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.5.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.4.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.2.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "13.4.1.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.0.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.7.0"
},
{
"model": "rtu500",
"scope": "gte",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.7.1.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.4.12.0"
},
{
"model": "rtu500",
"scope": "lt",
"trust": 1.0,
"vendor": "hitachienergy",
"version": "12.6.10.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.5.1.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.0.1.0 that\u0027s all 12.0.15.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.7.1.0 that\u0027s all 12.7.7.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.6.1.0 that\u0027s all 12.6.10.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.2.1.0 that\u0027s all 13.2.7.0"
},
{
"model": "rtu500",
"scope": null,
"trust": 0.8,
"vendor": "hitachi energy",
"version": null
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 13.4.1.0 that\u0027s all 13.4.4.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.2.1.0 that\u0027s all 12.2.12.0"
},
{
"model": "rtu500",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi energy",
"version": "rtu500 firmware 12.4.1.0 that\u0027s all 12.4.12.0"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.2.1,\u003c=12.2.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.4.1,\u003c=12.4.11"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.6.1,\u003c=12.6.9"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.7.1,\u003c=12.7.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.2.1,\u003c=13.2.6"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "12.0.1,\u003c=12.0.14"
},
{
"model": "energy rtu500 series cmu",
"scope": "gte",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.4.1,\u003c=13.4.3"
},
{
"model": "energy rtu500 series cmu",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "13.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"cve": "CVE-2023-6711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2025-02737",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-6711",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@hitachienergy.com",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2023-6711",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-6711",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-6711",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@hitachienergy.com",
"id": "CVE-2023-6711",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-6711",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-02737",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. Hitachi Energy of rtu500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Attackers can exploit the vulnerability to cause a buffer overflow and eventually cause the RTU500 CMU to restart",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6711"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6711",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU98968158",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-354-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-02737",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"id": "VAR-202312-1753",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
]
},
"last_update_date": "2025-02-14T23:10:23.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Energy RTU500 series CMU Firmware Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/654811"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://publisher.hitachienergy.com/preview?documentid=8dbd000184\u0026languagecode=en\u0026preview=true"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98968158/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6711"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-6711/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"date": "2023-12-19T15:15:09.257000",
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-02737"
},
{
"date": "2024-12-23T03:23:00",
"db": "JVNDB",
"id": "JVNDB-2023-023919"
},
{
"date": "2024-09-25T09:15:02.930000",
"db": "NVD",
"id": "CVE-2023-6711"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi\u00a0Energy\u00a0 of \u00a0rtu500\u00a0 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-023919"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…