1. EXECUTIVE SUMMARY
- CVSS v4 7.1
- ATTENTION: Low attack complexity
- Vendor: Hitachi Energy
- Equipment: Relion 670/650/SAM600-IO Series
- Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
2. RISK EVALUATION
Successful exploitation of this vulnerability can allow an attacker to reboot the device and cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports the following products are affected:
- Relion 670/650/SAM600-IO series: Versions 2.2.2.0 up to but not including 2.2.2.6
- Relion 670/650/SAM600-IO series: Versions 2.2.3.0 up to but not including 2.2.3.7
- Relion 670/650/SAM600-IO series: Versions 2.2.4.0 up to but not including 2.2.4.4
- Relion 670/650/SAM600-IO series: Versions 2.2.5.6 up to but not including 2.2.5.6
- Relion 670/650/SAM600-IO series: 2.2.0.x
- Relion 670/650/SAM600-IO series: 2.2.1.x
3.2 VULNERABILITY OVERVIEW
3.2.1 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (‘CLASSIC BUFFER OVERFLOW’) CWE-120
A vulnerability exists in the input validation of GOOSE messages: out-of-range values received and processed by the IED cause the device to reboot. Exploitation requires that GOOSE receiving blocks be configured.
CVE-2023-4518 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
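The following is an added example, not part of the advisory or vendor tooling: a triage script that checks an asset inventory against the version ranges in section 3.1 and the GOOSE receive precondition in section 3.2.1. The inventory, device names, status strings and the "review" handling of the range that is empty as printed are assumptions of this example.

```python
# Half-open ranges [first affected, first fixed), transcribed from section 3.1.
AFFECTED_RANGES = [
    ("2.2.2.0", "2.2.2.6"),
    ("2.2.3.0", "2.2.3.7"),
    ("2.2.4.0", "2.2.4.4"),
    ("2.2.5.6", "2.2.5.6"),  # empty as printed; handled as "review" below
]
AFFECTED_TRAINS = {(2, 2, 0), (2, 2, 1)}  # listed as 2.2.0.x and 2.2.1.x

def parse(version):
    # '2.2.3.4' -> (2, 2, 3, 4); anything else raises ValueError.
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four numeric fields: {version!r}")
    return parts

def version_status(version):
    v = parse(version)
    if v[:3] in AFFECTED_TRAINS:
        return "affected"
    for lo, hi in AFFECTED_RANGES:
        lo_t, hi_t = parse(lo), parse(hi)
        if lo_t >= hi_t:
            # Assumption of this example: an empty printed range cannot clear a
            # device, so earlier builds of that train go to manual review.
            if v[:3] == hi_t[:3] and v < hi_t:
                return "review"
        elif lo_t <= v < hi_t:
            return "affected"
    return "not listed"

def triage(inventory):
    # inventory: iterable of (name, firmware, goose_rx_configured)
    result = {}
    for name, firmware, goose_rx in inventory:
        status = version_status(firmware)
        if status == "affected":
            # Section 3.2.1: exploitation needs configured GOOSE receiving blocks.
            status = "exposed" if goose_rx else "affected, no GOOSE receive"
        result[name] = status
    return result

# Constructed inventory (hypothetical device names, not from the advisory).
SAMPLE = [("bay-01", "2.2.3.4", True), ("bay-02", "2.2.3.4", False),
          ("bay-03", "2.2.3.7", True), ("bay-04", "2.2.5.3", True)]

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```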
A CVSS v4 score has also been calculated for CVE-2023-4518. A base score of 7.1 has b
[…]