CVE-2022-4608

Description

A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow.

Remediation

Solution:

Update to CMU Firmware versions 13.3.3 or 13.4.1.

Workaround:

Disable the HCI IEC 60870-5-104 function or its IEC 62351-3 feature if it is not used.

References

Link	Tags
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch	vendor advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000121&LanguageCode=en&DocumentPartId=&Action=Launch

Frequently Asked Questions

What is the severity of CVE-2022-4608?: CVE-2022-4608 has been scored as a high severity vulnerability.
How to fix CVE-2022-4608?: To fix CVE-2022-4608: Update to CMU Firmware versions 13.3.3 or 13.4.1.
Is CVE-2022-4608 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-4608 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-4608?: CVE-2022-4608 affects Hitachi Energy RTU500 series.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions