CVE-2022-2081

{"id": "CVE-2022-2081", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-04T10:15:10.927", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function."}, {"lang": "es", "value": "Existe una vulnerabilidad en la funci\u00f3n HCI Modbus TCP incluida en las versiones de producto enumeradas anteriormente. Si HCI Modbus TCP est\u00e1 habilitado y configurado, un atacante podr\u00eda aprovechar la vulnerabilidad enviando un mensaje especialmente manipulado a la RTU500 a alta velocidad, lo que provocar\u00eda que la CMU RTU500 objetivo se reiniciara. La vulnerabilidad se debe a una falta de control de inundaciones que eventualmente, si se explota, provoca un desbordamiento de pila interna en la funci\u00f3n HCI Modbus TCP."}], "lastModified": "2024-01-10T16:39:45.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5E23735-DB56-4C1E-8389-B06018CC4D9E", "versionEndIncluding": "12.0.13", "versionStartIncluding": "12.0.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2469A78A-6F37-4F4B-BED8-060914B2D0A4", "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9E6934B-EBB2-45FB-8E4A-7D360CBA0F92", "versionEndIncluding": "12.4.11", "versionStartIncluding": "12.4.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8966632-8645-43D6-AB52-8BC1C1BDB6DD", "versionEndIncluding": "12.6.7", "versionStartIncluding": "12.6.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12F1A20-9D3C-4F2B-B538-8B4EABD288C9", "versionEndIncluding": "12.7.3", "versionStartIncluding": "12.7.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7A0F9D4-E9ED-4351-8909-EEE689DE2BF4", "versionEndIncluding": "13.2.4", "versionStartIncluding": "13.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu520_firmware:13.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1621CAF4-C18A-48B5-82AC-F8D09105656A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11AF93AD-200F-47A6-BA2C-F82165AFB50D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB001482-F203-4731-A6DD-6BCE3C1338CA", "versionEndIncluding": "12.0.13", "versionStartIncluding": "12.0.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BC5D4A-09B2-41FB-962A-CF580181EB2C", "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A30CDB2F-E0CC-4440-9E59-AB339F94996F", "versionEndIncluding": "12.4.11", "versionStartIncluding": "12.4.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56598D9D-5BCB-42C6-8705-AB79C4BD2A9A", "versionEndIncluding": "12.6.7", "versionStartIncluding": "12.6.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4FDE92C-733F-4B52-8BE6-E37898B39075", "versionEndIncluding": "12.7.3", "versionStartIncluding": "12.7.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2209D1D9-94CD-4D8B-BB80-39CC129FEEF4", "versionEndIncluding": "13.2.4", "versionStartIncluding": "13.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu530_firmware:13.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BACEC63E-0548-483F-813E-C04F4C95970E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC6F9377-E6BB-4DEA-9D87-0AF792CBAC57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F1F7579-050B-4216-A4D5-FD74C8A19618", "versionEndIncluding": "12.0.13", "versionStartIncluding": "12.0.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "803838B5-058E-436B-8CE5-BF711456F96B", "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0361A98-1496-4763-A489-DCAE0D0DF613", "versionEndIncluding": "12.4.11", "versionStartIncluding": "12.4.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "762AB8CE-068D-46D4-A275-154A2AC58E55", "versionEndIncluding": "12.6.7", "versionStartIncluding": "12.6.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF9263A-D1DB-4899-99C2-88B59847C808", "versionEndIncluding": "12.7.3", "versionStartIncluding": "12.7.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15B3C46C-0A5E-4142-A096-94A513DD8004", "versionEndIncluding": "13.2.4", "versionStartIncluding": "13.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu540_firmware:13.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B2A709-9538-47C9-9E70-DBC1D2817E79"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6EEFDEF0-883D-402B-9CD4-333A145E3C75"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0708BD2D-FEA4-4C97-9C3A-B4E67EA3D926", "versionEndIncluding": "12.0.13", "versionStartIncluding": "12.0.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BDB5A36-9B2F-43F9-A81B-506C4660151F", "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F25FBFD5-BC45-49C9-87D4-A9C05405490D", "versionEndIncluding": "12.4.11", "versionStartIncluding": "12.4.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0505DF4D-0B06-4E61-B756-C2B5D31B85A0", "versionEndIncluding": "12.6.7", "versionStartIncluding": "12.6.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9495E9A9-733C-4073-8B39-1A08A88B05A7", "versionEndIncluding": "12.7.3", "versionStartIncluding": "12.7.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "269F1D56-A575-487D-B5ED-4E774C26BA3B", "versionEndIncluding": "13.2.4", "versionStartIncluding": "13.2.1"}, {"criteria": "cpe:2.3:o:hitachienergy:rtu560_firmware:13.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "530437F6-6F90-45D5-821C-B87C292C0CCC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "495DCBD6-D2D1-4295-81D1-6ACA1B2CA223"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}