Vulnerability Description
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachienergy | Rtu520 Firmware | >= 12.0.1, <= 12.0.13 |
| Hitachienergy | Rtu520 | - |
| Hitachienergy | Rtu530 Firmware | >= 12.0.1, <= 12.0.13 |
| Hitachienergy | Rtu530 | - |
| Hitachienergy | Rtu540 Firmware | >= 12.0.1, <= 12.0.13 |
| Hitachienergy | Rtu540 | - |
| Hitachienergy | Rtu560 Firmware | >= 12.0.1, <= 12.0.13 |
| Hitachienergy | Rtu560 | - |
Related Weaknesses (CWE)
References
- https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=eVendor Advisory
- https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=eVendor Advisory
FAQ
What is CVE-2022-2081?
CVE-2022-2081 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sen...
How severe is CVE-2022-2081?
CVE-2022-2081 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2081?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Rtu520 Firmware, Hitachienergy Rtu520, Hitachienergy Rtu530 Firmware, Hitachienergy Rtu530, Hitachienergy Rtu540 Firmware.