SB2023080925 - Multiple vulnerabilities in Hitachi Energy RTU500 series

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2022-2502)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the HCI IEC 60870-5-104 function. A remote unauthenticated attacker can trigger stack-based buffer overflow and cause a denial of service condition on the target system.

2) Stack-based buffer overflow (CVE-ID: CVE-2022-4608)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in HCI IEC 60870-5-104 function. A remote unauthenticated attacker can trigger stack-based buffer overflow and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

• https://search.abb.com/library/Download.aspx?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-220-02
• https://search.abb.com/library/Download.aspx?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch