Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Hitachienergy Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3864 1 Hitachienergy 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more 2024-01-10 N/A 4.5 MEDIUM
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.
CVE-2023-5769 1 Hitachienergy 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more 2023-12-18 N/A 6.1 MEDIUM
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized.
CVE-2023-5768 1 Hitachienergy 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more 2023-12-07 N/A 6.1 MEDIUM
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Incomplete or wrong received APDU frame layout may cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer with wrong length information of APDU or delayed reception of data octets. Only communication link of affected HCI IEC 60870-5-104 is blocked. If attack sequence stops the communication to the previously attacked link gets normal again.
CVE-2023-5767 1 Hitachienergy 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more 2023-12-07 N/A 6.1 MEDIUM
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized.