CVE-2021-35533

Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series

Description

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).

Remediation

Solution:

- Disable BCI IEC 60870-5-104 function by configuration if it is not used. - Update to RTU500 series CMU Firmware version 12.6.5.0 or later (e.g., RTU500 CMU Firmware version 12.7.* or CMU Firmware version 13.2.* or later).

References

Link	Tags
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=en&DocumentPartId=&Action=Launch	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-35533?: CVE-2021-35533 has been scored as a high severity vulnerability.
How to fix CVE-2021-35533?: To fix CVE-2021-35533: - Disable BCI IEC 60870-5-104 function by configuration if it is not used. - Update to RTU500 series CMU Firmware version 12.6.5.0 or later (e.g., RTU500 CMU Firmware version 12.7.* or CMU Firmware version 13.2.* or later).
Is CVE-2021-35533 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-35533 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-35533?: CVE-2021-35533 affects Hitachi Energy RTU500 series.

Description

Remediation

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions