Hitachi Energy's RTU500 series is affected by an Improper Input Validation vulnerability in the APDU parser, allowing attackers to trigger reboots with specially crafted messages. Here's what you need to know about CVE-2021-35533.
Understanding CVE-2021-35533
This vulnerability impacts Hitachi Energy's RTU500 series due to improper input validation in the Bidirectional Communication Interface (BCI) function.
What is CVE-2021-35533?
The vulnerability allows an attacker to force a targeted RTU500 CMU to reboot by sending a maliciously crafted message, affecting specific firmware versions.
The Impact of CVE-2021-35533
The vulnerability can result in high availability impact where the BCI IEC 60870-5-104 function is enabled, potentially disrupting operations.
Technical Details of CVE-2021-35533
The vulnerability arises from improper input validation in the BCI IEC 60870-5-104 function of Hitachi Energy RTU500 series.
Vulnerability Description
Attackers can exploit this flaw to cause targeted RTU500 CMU devices to reboot upon receiving specially crafted messages.
Affected Systems and Versions
RTU500 series CMU Firmware versions 12.0.*, 12.2.*, and 12.4.* are impacted by this vulnerability.
Exploitation Mechanism
By sending specially crafted messages, attackers can trigger a reboot of RTU500 CMU devices that have the BCI IEC 60870-5-104 function enabled.
Mitigation and Prevention
To address CVE-2021-35533, users are advised to take immediate and long-term security measures.
Immediate Steps to Take
Disable the BCI IEC 60870-5-104 function if unused. Update to RTU500 series CMU Firmware version 12.6.5.0 or newer.
Long-Term Security Practices
Regularly update firmware and review security configurations to prevent similar vulnerabilities.
Patching and Updates
Ensure all RTU500 series CMU devices are running firmware version 12.6.5.0 or later to mitigate the vulnerability.
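
The affected-version list and the two mitigations above can be turned into an inventory triage. The script below is an added example, not vendor or advisory code; the CSV layout, column names, hostnames and status labels are assumptions, and the sample rows are constructed.

```python
"""Triage an RTU500 CMU inventory against CVE-2021-35533 (added example)."""
import csv
import io

AFFECTED_FAMILIES = {(12, 0), (12, 2), (12, 4)}  # 12.0.*, 12.2.*, 12.4.* as listed above
FIXED_FROM = (12, 6, 5, 0)                       # first fixed release named above

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """host,firmware,bci_iec104
rtu-a,12.4.11.0,enabled
rtu-b,12.2.3.0,disabled
rtu-c,12.6.5.0,enabled
rtu-d,12.6.1.0,enabled
rtu-e,unknown,enabled
"""

def parse_version(text):
    """Return a 4-part tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    nums += [0] * (4 - len(nums))   # treat "12.6.5" as 12.6.5.0
    return tuple(nums)

def classify(firmware, bci_enabled):
    """Map one device to a triage status string."""
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"    # cannot decide from inventory; check the device
    if version >= FIXED_FROM:
        return "fixed"
    if version[:2] in AFFECTED_FAMILIES:
        # The reboot is reachable only where the BCI IEC 60870-5-104 function is enabled.
        return "affected-exposed" if bci_enabled else "affected-bci-disabled"
    return "not-listed"             # below the fixed release but outside the listed families

def triage(inventory_csv):
    """Return {host: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["firmware"], r["bci_iec104"].strip().lower() == "enabled")
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Devices reported as `not-listed` or `unknown-version` are not cleared by this check; their status has to be confirmed against the vendor advisory.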