Discover the impact of CVE-2023-5768 on Hitachi Energy's RTU500 series CMU Firmware. Learn about the vulnerability, affected versions, and mitigation steps.
This CVE record was published by Hitachi Energy on December 4, 2023, for a vulnerability identified in the RTU500 series products.
Understanding CVE-2023-5768
This CVE covers a vulnerability in HCI IEC 60870-5-104 that affects specific firmware versions of the RTU500 series products.
What is CVE-2023-5768?
The vulnerability affects HCI IEC 60870-5-104 in certain versions of the RTU500 series CMU Firmware. An APDU frame that is received incomplete or with an incorrect layout can block the link layer: reading incoming frames on the link layer blocks endlessly when the APDU length information is incorrect or when data reception is delayed. The affected HCI IEC 60870-5-104 communication link becomes blocked, and normal communication returns once the attack sequence stops.
The Impact of CVE-2023-5768
The CVSSv3.1 base score for this CVE is 5.9, categorizing it as a medium severity issue. The attack complexity is considered high, with a network-based attack vector and high impact on availability. Although the vulnerability does not have confidentiality or integrity impacts, it can lead to significant disruptions in operational availability.
Technical Details of CVE-2023-5768
This section details the specific technical aspects of the CVE.
Vulnerability Description
The vulnerability arises due to incorrect handling of APDU frame layouts in the RTU500 series CMU Firmware versions mentioned in the CVE record. This can result in link layer blocking and communication disruptions.
Affected Systems and Versions
The RTU500 series CMU Firmware versions 12.0.1 – 12.0.14, 12.2.1 – 12.2.11, 12.4.1 – 12.4.11, 12.6.1 – 12.6.9, 12.7.1 – 12.7.6, 13.2.1 – 13.2.6, and 13.4.1 – 13.4.3 are known to be affected by this vulnerability.
Exploitation Mechanism
The vulnerability can be exploited by sending APDU frames with an incorrect or incomplete layout to the affected RTU500 series products, resulting in link layer blocking and communication disruptions.
Mitigation and Prevention
To address CVE-2023-5768, immediate actions and long-term security practices can be implemented.
Immediate Steps to Take
It is recommended to apply patches or updates provided by Hitachi Energy for the affected RTU500 series CMU Firmware versions. Additionally, network monitoring and anomaly detection can help in identifying possible exploitation attempts.
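One form such monitoring can take, as an added example that is not from Hitachi Energy or the CVE record: a checker that walks a reassembled IEC 60870-5-104 TCP payload and flags APDUs whose framing is malformed or incomplete. The framing rules (start octet 0x68, length octet 4 to 253, S- and U-frames of length 4) come from the IEC 60870-5-104 standard; the function names and the sample bytes are constructed for illustration.

```python
# Added example: passive IEC 60870-5-104 framing checks (names and sample are constructed).
START = 0x68                 # APCI start octet
MIN_LEN, MAX_LEN = 4, 253    # length octet = 4 control octets + ASDU (max 249)


def frame_type(ctrl1: int) -> str:
    """Classify an APDU by the low bits of its first control octet."""
    if ctrl1 & 0x01 == 0:
        return "I"
    return "S" if ctrl1 & 0x03 == 0x01 else "U"


def check_stream(payload: bytes):
    """Return (frames, anomalies): (offset, type, length) and (offset, reason) tuples."""
    frames, anomalies = [], []
    pos = 0
    while pos < len(payload):
        reason = None
        if payload[pos] != START:
            reason = "bad start octet"
        elif pos + 1 >= len(payload):
            anomalies.append((pos, "truncated header"))
            break
        else:
            length = payload[pos + 1]
            if not MIN_LEN <= length <= MAX_LEN:
                reason = f"length {length} outside {MIN_LEN}..{MAX_LEN}"
        if reason:
            anomalies.append((pos, reason))
            # Never trust a bad length: resynchronise on the next start octet.
            pos = payload.find(bytes([START]), pos + 1)
            if pos == -1:
                break
            continue
        have = len(payload) - pos - 2
        if have < length:
            # Octets are still owed; a live monitor should alert on a deadline, not wait.
            anomalies.append((pos, f"incomplete APDU: {length} announced, {have} present"))
            break
        kind = frame_type(payload[pos + 2])
        if kind != "I" and length != MIN_LEN:
            anomalies.append((pos, f"{kind}-frame with length {length}"))
        frames.append((pos, kind, length))
        pos += 2 + length
    return frames, anomalies


# Constructed capture: STARTDT act, S-frame, short length octet, cut-off I-frame.
SAMPLE = bytes.fromhex("680407000000" "680401000200" "68020000" "680e0000000064")
```

An incomplete APDU at the end of a capture can also be ordinary TCP segmentation, so a live monitor should treat it as an anomaly only when the missing octets fail to arrive within a deadline.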
Long-Term Security Practices
Implementing security best practices, conducting regular vulnerability assessments, and ensuring timely application of security patches can enhance the overall cybersecurity posture of the infrastructure.
Patching and Updates
Stay informed about security updates and patches released by Hitachi Energy for the RTU500 series products to mitigate the vulnerability described in CVE-2023-5768. Regularly check for firmware updates and apply them promptly to safeguard the systems against potential exploitation.