CVE-2021-35533 — HIGH (7.5)

Vulnerability Description

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hitachienergy	Rtu500 Firmware	12.0
Hitachienergy	Rtu500	-

Related Weaknesses (CWE)

CWE-20

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000063&LanguageCode=Vendor Advisory

FAQ

What is CVE-2021-35533?

CVE-2021-35533 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the r...

How severe is CVE-2021-35533?

CVE-2021-35533 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35533?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Rtu500 Firmware, Hitachienergy Rtu500.