CVE-2022-2502
CVSS V2 None
CVSS V3 None
Description
A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.
Overview
- CVE ID
- CVE-2022-2502
- Assigner
- Hitachi Energy
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-26T05:25:27.002Z
- Last Modified Date
- 2023-07-26T05:25:27.002Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-2502 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2502 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 16:51:54 | Added to TrackCVE |