Software Developers Tricked into Installing Malware by False npm Packages – Active IOCs
April 29, 2024Cyberattack Aims at Ukraine Using a Seven-Year-Old Microsoft Office Vulnerability – Active IOCs
April 29, 2024Software Developers Tricked into Installing Malware by False npm Packages – Active IOCs
April 29, 2024Cyberattack Aims at Ukraine Using a Seven-Year-Old Microsoft Office Vulnerability – Active IOCs
April 29, 2024Severity
Medium
Analysis Summary
CVE-2023-1514 CVSS:7.4
Hitachi Energy RTU500 Scripting Interface could allow a remote attacker to conduct spoofing attacks, caused by improper verification of certification. By using faking the identity of a RTU500 device, an attacker could exploit this vulnerability to spoof the identity of the service.
CVE-2023-5767 CVSS:6
Hitachi Energy RTU500 series devices are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the webserver. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2023-5769 CVSS:5.9
Hitachi Energy RTU500 series devices are vulnerable to a denial of service, caused by an error in the HCI IEC 60870-5-104 function. By reading incoming frames on link layer with wrong length information of APDU or delayed reception of data octets, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-5768 CVSS:5.4
Hitachi Energy RTU500 series devices are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the webserver. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Denial of Service
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2023-1514
- CVE-2023-5767
- CVE-2023-5769
- CVE-2023-5768
Affected Vendors
Affected Products
- Hitachi Energy RTU500 series CMU Firmware 12.0.1
- Hitachi Energy RTU500 series CMU Firmware 12.2.1
- Hitachi Energy RTU500 series CMU Firmware 12.4.1
- Hitachi Energy RTU500 series CMU Firmware 12.6.1
- Hitachi Energy RTU500 series CMU Firmware 12.7.1
- Hitachi Energy RTU500 series CMU Firmware 13.2.1
- Hitachi Energy RTU500 series CMU Firmware 13.4.1
- Hitachi Energy RTU500 series CMU Firmware 12.0.14
- Hitachi Energy RTU500 series CMU Firmware 12.2.11
- Hitachi Energy RTU500 series CMU Firmware 12.4.11
- Hitachi Energy RTU500 series CMU Firmware 12.6.9
- Hitachi Energy RTU500 series CMU Firmware 12.7.6
- Hitachi Energy RTU500 series CMU Firmware 13.2.6
- Hitachi Energy RTU500 series CMU Firmware 13.4.3
- Hitachi Energy RTU500 Scripting Interface 1.0.1.30
- Hitachi Energy RTU500 Scripting Interface 1.0.2
- Hitachi Energy RTU500 Scripting Interface 1.1.1
Remediation
Refer to Hitachi Energy for patch, upgrade or suggested workaround information.