Strix
26.1K

CVE-2022-2502

HIGHCVSS 7.5/10EPSS 0.54%

Last modified

CVE-2022-2502 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. EPSS estimates a 0.54% chance of exploitation in the next 30 days.

Description

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.54%

41.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HitachienergyRtu500 Firmware13.3.1
HitachienergyRtu500 Firmware13.3.2
HitachienergyRtu500 Firmware13.3.3
HitachienergyRtu500 Firmware13.4.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-2502?
A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.
How severe is CVE-2022-2502?
CVE-2022-2502 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.54% probability of exploitation in the next 30 days.
How do I fix CVE-2022-2502?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-2502?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST