CVE-2022-4608 : Security Advisory and Response
Discover the impact of CVE-2022-4608 on Hitachi Energy's RTU500 series. Learn about the vulnerability in HCI IEC 60870-5-104 function, its exploitability, and mitigation steps.
A detailed overview of CVE-2022-4608, its impact, technical details, and mitigation strategies.
Understanding CVE-2022-4608
This section delves into the specifics of CVE-2022-4608.
What is CVE-2022-4608?
A vulnerability exists in HCI IEC 60870-5-104 function in certain versions of Hitachi Energy's RTU500 series. Exploitable if HCI 60870-5-104 configured with IEC 62351-3, leading to unexpected restarts due to a stack overflow.
The Impact of CVE-2022-4608
The vulnerability, with a CVSS base score of 7.5, poses a HIGH availability impact. Exploitation could lead to buffer overflows.
Technical Details of CVE-2022-4608
In-depth technical insights into the vulnerability.
Vulnerability Description
The vulnerability is caused by an RTU500 initiated update resulting in a stack overflow during a session resumption interval expiration.
Affected Systems and Versions
- Affected versions: RTU500 series CMU Firmware 13.3.1, 13.3.2
- Unaffected versions: RTU500 series CMU Firmware 13.3.3, 13.4.1
Exploitation Mechanism
Exploitation involves updating session parameters after session resumption interval expiry, triggering an unexpected restart due to a stack overflow.
Mitigation and Prevention
Effective measures to mitigate the risks posed by CVE-2022-4608.
Immediate Steps to Take
Update to CMU Firmware versions 13.3.3 or 13.4.1 to address the vulnerability.
Long-Term Security Practices
Consider disabling the HCI IEC 60870-5-104 function or its IEC 62351-3 feature if not utilized.
Patching and Updates
Refer to Hitachi Energy's provided solutions for patching instructions.