CVE-2023-4518 - OpenCVE

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hitachienergy	Relion Sam600-io Firmware Relion 650 Firmware Relion 670 Relion 650 Relion Sam600-io Relion 670 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:hitachienergy:relion_670_firmware::::::::
	cpe:2.3:o:hitachienergy:relion_670_firmware::::::::
	cpe:2.3:o:hitachienergy:relion_670_firmware::::::::
	cpe:2.3:o:hitachienergy:relion_670_firmware::::::::

cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:hitachienergy:relion_650_firmware::::::::
	cpe:2.3:o:hitachienergy:relion_650_firmware::::::::
	cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:::::::*
	cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:::::::*

cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:hitachienergy:relion_sam600-io_firmware::::::::
	cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:::::::*
	cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:::::::*

cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2023-12-01T14:18:47.387Z

Updated: 2023-12-01T14:18:47.387Z

Reserved: 2023-08-24T12:58:41.362Z

Link: CVE-2023-4518

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-01T15:15:07.860

Modified: 2023-12-06T18:55:10.680

Link: CVE-2023-4518

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4518", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2023-08-24T12:58:41.362Z", "datePublished": "2023-12-01T14:18:47.387Z", "dateUpdated": "2023-12-01T14:18:47.387Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Relion670", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": " Relion 670 series version 2.2.0 all revisions"}, {"status": "affected", "version": "Relion 670/650/SAM600-IO series version 2.2.1 all revisions"}, {"status": "affected", "version": "elion 670 series version 2.2.2 all revisions"}, {"status": "affected", "version": "Relion 670 series version 2.2.3 all revisions"}, {"status": "affected", "version": "Relion 670/650 series version 2.2.4 all revisions"}, {"status": "affected", "version": "Relion 670/650/SAM600-IO series version 2.2.5 all revisions"}]}], "datePublic": "2023-11-28T13:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured. "}], "value": "A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured.\u00a0"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2023-12-01T14:18:47.387Z"}, "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true"}], "source": {"advisory": " 8DBD000170", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C4B7DA8-BA72-48E5-9E21-33FB1881E952", "versionEndExcluding": "2.2.2.6", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4949214C-03DE-489E-80E3-7DC4EFED7ACA", "versionEndExcluding": "2.2.3.7", "versionStartIncluding": "2.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "53D9E635-5BDA-4383-9FE5-4AFA4148A5E3", "versionEndExcluding": "2.2.4.4", "versionStartIncluding": "2.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64A83135-6909-4838-9429-1046CA824723", "versionEndExcluding": "2.2.5.6", "versionStartIncluding": "2.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADA98332-543F-48A7-B63C-B39F679D47F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "612B2549-82F9-4B7F-BDBD-95A562BF1EAE", "versionEndExcluding": "2.2.4.4", "versionStartIncluding": "2.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC7C5065-1CEC-44DC-BF01-16FC02390583", "versionEndExcluding": "2.2.5.6", "versionStartIncluding": "2.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A406AD0-38C5-4C32-AA88-AA45EE97C315", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "8A74BD43-D925-483C-98F7-5F5C32D3B6F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C658029-20F4-411A-B1FE-B4E07D590775", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "264C95EE-756F-434E-9FA1-DC7878CEEF61", "versionEndExcluding": "2.2.5.6", "versionStartIncluding": "2.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB5C50F4-CF04-4C13-868A-F7ECE49DE01B", "vulnerable": true}, {"criteria": "cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7025C2A4-698E-408C-9567-8759B638AB90", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*", "matchCriteriaId": "E73E9D1A-1DFE-4B7C-81F1-0809071A3DDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured.\u00a0"}, {"lang": "es", "value": "Existe una vulnerabilidad en la validaci\u00f3n de entrada de los mensajes GOOSE donde los valores fuera de rango recibidos y procesados por el IED provocaron un reinicio del dispositivo. Para que un atacante aproveche la vulnerabilidad, es necesario configurar los bloques receptores de ganso."}], "id": "CVE-2023-4518", "lastModified": "2023-12-06T18:55:10.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2023-12-01T15:15:07.860", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}