CVE-2021-35533 - OpenCVE

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Hitachienergy	Rtu500 Rtu500 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:hitachienergy:rtu500_firmware:12.0:::::::*
	cpe:2.3:o:hitachienergy:rtu500_firmware:12.2:::::::*
	cpe:2.3:o:hitachienergy:rtu500_firmware:12.4:::::::*

cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2021-11-17T00:00:00

Updated: 2021-11-26T16:37:27

Reserved: 2021-06-28T00:00:00

Link: CVE-2021-35533

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-26T17:15:07.743

Modified: 2023-05-16T21:04:23.433

Link: CVE-2021-35533

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "RTU500 series", "vendor": "Hitachi Energy", "versions": [{"lessThanOrEqual": "12.0.*", "status": "affected", "version": "CMU Firmware version 12.0", "versionType": "custom"}, {"lessThanOrEqual": "12.2.*", "status": "affected", "version": "CMU Firmware version 12.2", "versionType": "custom"}, {"lessThanOrEqual": "12.4.*", "status": "affected", "version": "CMU Firmware version 12.4", "versionType": "custom"}]}], "datePublic": "2021-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-26T16:37:27", "orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch"}], "solutions": [{"lang": "en", "value": "- Disable BCI IEC 60870-5-104 function by configuration if it is not used.\n- Update to RTU500 series CMU Firmware version 12.6.5.0 or later (e.g., RTU500 CMU Firmware version 12.7.* or CMU Firmware version 13.2.* or later).\n"}], "source": {"discovery": "INTERNAL"}, "title": "Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@hitachienergy.com", "DATE_PUBLIC": "2021-11-17T14:00:00.000Z", "ID": "CVE-2021-35533", "STATE": "PUBLIC", "TITLE": "Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RTU500 series", "version": {"version_data": [{"version_affected": "<=", "version_name": "CMU Firmware version 12.0", "version_value": "12.0.*"}, {"version_affected": "<=", "version_name": "CMU Firmware version 12.2", "version_value": "12.2.*"}, {"version_affected": "<=", "version_name": "CMU Firmware version 12.4", "version_value": "12.4.*"}]}}]}, "vendor_name": "Hitachi Energy"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "CONFIRM", "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch"}]}, "solution": [{"lang": "en", "value": "- Disable BCI IEC 60870-5-104 function by configuration if it is not used.\n- Update to RTU500 series CMU Firmware version 12.6.5.0 or later (e.g., RTU500 CMU Firmware version 12.7.* or CMU Firmware version 13.2.* or later).\n"}], "source": {"discovery": "INTERNAL"}, "work_around": [{"lang": "en"}]}}}, "cveMetadata": {"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "assignerShortName": "Hitachi Energy", "cveId": "CVE-2021-35533", "datePublished": "2021-11-17T00:00:00", "dateReserved": "2021-06-28T00:00:00", "dateUpdated": "2021-11-26T16:37:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BA3F33A-8787-4128-A790-685BCB272A82", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "FCD4343D-4B6E-4D6A-A2F3-EFA5CFE4290D", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:rtu500_firmware:12.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CCC7155-16F2-4E60-ABCB-0E6FF71CEC67", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE94252D-03EE-451B-8322-B4DBC790C6E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions)."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en el analizador de APDU en la funci\u00f3n IEC 60870-5-104 de la interfaz de comunicaci\u00f3n bidireccional (BCI) de la serie RTU500 de Hitachi Energy permite a un atacante causar el reinicio de la CMU RTU500 receptora en la que est\u00e1 habilitado el BCI cuando recibe un mensaje especialmente dise\u00f1ado. Por defecto, la funci\u00f3n BCI IEC 60870-5-104 est\u00e1 deshabilitada (no configurada). Este problema afecta a: Firmware de la CMU de la serie Hitachi Energy RTU500, versi\u00f3n 12.0.* (todas las versiones); Firmware de la CMU, versi\u00f3n 12.2.* (todas las versiones); Firmware de la CMU, versi\u00f3n 12.4.* (todas las versiones)"}], "id": "CVE-2021-35533", "lastModified": "2023-05-16T21:04:23.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2021-11-26T17:15:07.743", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}