Vulnerability Details : CVE-2022-2081
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.
Products affected by CVE-2022-2081
- Hitachienergy » Rtu520 FirmwareVersions from including (>=) 13.2.1 and up to, including, (<=) 13.2.4cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu520 FirmwareVersions from including (>=) 12.0.1 and up to, including, (<=) 12.0.13cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu520 FirmwareVersions from including (>=) 12.2.1 and up to, including, (<=) 12.2.11cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu520 FirmwareVersions from including (>=) 12.7.1 and up to, including, (<=) 12.7.3cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu520 FirmwareVersions from including (>=) 12.4.1 and up to, including, (<=) 12.4.11cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu520 FirmwareVersions from including (>=) 12.6.1 and up to, including, (<=) 12.6.7cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hitachienergy:rtu520_firmware:13.3.1:*:*:*:*:*:*:*
- Hitachienergy » Rtu530 FirmwareVersions from including (>=) 13.2.1 and up to, including, (<=) 13.2.4cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu530 FirmwareVersions from including (>=) 12.0.1 and up to, including, (<=) 12.0.13cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu530 FirmwareVersions from including (>=) 12.6.1 and up to, including, (<=) 12.6.7cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu530 FirmwareVersions from including (>=) 12.7.1 and up to, including, (<=) 12.7.3cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu530 FirmwareVersions from including (>=) 12.2.1 and up to, including, (<=) 12.2.11cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu530 FirmwareVersions from including (>=) 12.4.1 and up to, including, (<=) 12.4.11cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hitachienergy:rtu530_firmware:13.3.1:*:*:*:*:*:*:*
- Hitachienergy » Rtu540 FirmwareVersions from including (>=) 12.0.1 and up to, including, (<=) 12.0.13cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu540 FirmwareVersions from including (>=) 12.4.1 and up to, including, (<=) 12.4.11cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu540 FirmwareVersions from including (>=) 12.2.1 and up to, including, (<=) 12.2.11cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu540 FirmwareVersions from including (>=) 12.6.1 and up to, including, (<=) 12.6.7cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu540 FirmwareVersions from including (>=) 12.7.1 and up to, including, (<=) 12.7.3cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu540 FirmwareVersions from including (>=) 13.2.1 and up to, including, (<=) 13.2.4cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hitachienergy:rtu540_firmware:13.3.1:*:*:*:*:*:*:*
- Hitachienergy » Rtu560 FirmwareVersions from including (>=) 12.7.1 and up to, including, (<=) 12.7.3cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu560 FirmwareVersions from including (>=) 12.6.1 and up to, including, (<=) 12.6.7cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu560 FirmwareVersions from including (>=) 12.2.1 and up to, including, (<=) 12.2.11cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu560 FirmwareVersions from including (>=) 13.2.1 and up to, including, (<=) 13.2.4cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu560 FirmwareVersions from including (>=) 12.4.1 and up to, including, (<=) 12.4.11cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
- Hitachienergy » Rtu560 FirmwareVersions from including (>=) 12.0.1 and up to, including, (<=) 12.0.13cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hitachienergy:rtu560_firmware:13.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-2081
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-2081
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
Hitachi Energy | 2024-01-04 |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | 2024-01-10 |
CWE ids for CVE-2022-2081
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: cybersecurity@hitachienergy.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- cybersecurity@hitachienergy.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-2081
-
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch
Hitachi Energy PublisherVendor Advisory
Jump to