CVE-2022-2502

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-21 CVE Reserved
2023-07-26 CVE Published
2024-08-01 EPSS Updated
2024-09-24 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

CAPEC-100: Overflow Buffers

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch	2023-08-03
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hitachienergy Search vendor "Hitachienergy"	Rtu500 Firmware Search vendor "Hitachienergy" for product "Rtu500 Firmware"	13.3.1 Search vendor "Hitachienergy" for product "Rtu500 Firmware" and version "13.3.1"	-	Affected	in	Hitachienergy Search vendor "Hitachienergy"	Rtu500 Search vendor "Hitachienergy" for product "Rtu500"	-	-	Safe
Hitachienergy Search vendor "Hitachienergy"	Rtu500 Firmware Search vendor "Hitachienergy" for product "Rtu500 Firmware"	13.3.2 Search vendor "Hitachienergy" for product "Rtu500 Firmware" and version "13.3.2"	-	Affected	in	Hitachienergy Search vendor "Hitachienergy"	Rtu500 Search vendor "Hitachienergy" for product "Rtu500"	-	-	Safe
Hitachienergy Search vendor "Hitachienergy"	Rtu500 Firmware Search vendor "Hitachienergy" for product "Rtu500 Firmware"	13.3.3 Search vendor "Hitachienergy" for product "Rtu500 Firmware" and version "13.3.3"	-	Affected	in	Hitachienergy Search vendor "Hitachienergy"	Rtu500 Search vendor "Hitachienergy" for product "Rtu500"	-	-	Safe
Hitachienergy Search vendor "Hitachienergy"	Rtu500 Firmware Search vendor "Hitachienergy" for product "Rtu500 Firmware"	13.4.1 Search vendor "Hitachienergy" for product "Rtu500 Firmware" and version "13.4.1"	-	Affected	in	Hitachienergy Search vendor "Hitachienergy"	Rtu500 Search vendor "Hitachienergy" for product "Rtu500"	-	-	Safe