Detections
Analytics

Hitachi Energy RTU500 series Improper Input Validation (CVE-2022-28613)

high Tenable OT Security Plugin ID 500943

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*;
12.4.*; 12.6.*; 12.7.*; 13.2.*.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Hitachi Energy made the following updates available to remediate the vulnerability:

- RTU500 series CMU firmware version 12.0.1.0–12.0.13.0: Update to version 12.0.14.0 or higher.
- RTU500 series CMU firmware version 12.2.1.0–12.2.11.0: Update to version 12.2.12.0 or higher.
- RTU500 series CMU firmware version 12.4.1.0–12.4.11.0: Update to version 12.4.12.0 or higher.
- RTU500 series CMU firmware version 12.6.1.0–12.6.7.0: Update to version 12.6.8.0 or higher.
- RTU500 series CMU firmware version 12.7.1.0–12.7.3.0: Update to version 12.7.4.0 or higher.
- RTU500 series CMU firmware version 13.2.1.0–13.2.4.0: Update to version 13.3.1.0, 13.2.5.0, or higher.

Because the vulnerability affects only the RTU500 series with HCI Modbus TCP configured and enabled, a possible mitigation is to disable the HCI Modbus TCP function if not used. The HCI Modbus TCP is disabled by default.

Hitachi Energy recommends the following security practices and firewall configurations to help protect process control networks from outside attacks:

- Physically protect process control systems from unauthorized direct access.
- Separate process control systems from other networks using a firewall system with only the necessary ports open.
- Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
- Portable computers and removable storage media should be carefully scanned for viruses before connecting to a control system.

For more information, see Hitachi Energy advisory 8DBD000103

See Also

http://www.nessus.org/u?c31bf368

https://www.cisa.gov/news-events/ics-advisories/icsa-22-242-04

Plugin Details

Severity: High

ID: 500943

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 3/29/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-28613

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:abb:rtu500_firmware:13, cpe:/o:abb:rtu500_firmware:12

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 5/2/2022

Vulnerability Publication Date: 5/2/2022

Reference Information

CVE: CVE-2022-28613

CWE: 20

ICSA: 22-242-04