Hitachi Energy RTU500 series BCI Improper Input Validation (CVE-2021-35533)

high Tenable OT Security Plugin ID 500949

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Hitachi Energy recommends the following:

- Disable BCI IEC 60870-5-104 function by configuration if it is not used. Note: By default, the BCI IEC 60870-5-104 is disabled.
- Update to RTU500 series CMU Firmware Version 12.6.5.0 or later (e.g., RTU500 CMU Firmware Version 12.7.* or CMU Firmware Version 13.2.* or later).

Please see Hitachi Energy advisory 8DBD000063 for additional mitigation and update information.

Hitachi Energy recommends the following security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network:

- Physically protect process control systems from direct access by unauthorized personnel.
- Do not directly connect to the Internet.
- Separated from other networks by means of a firewall system with a minimal number of ports exposed.
- Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.
- Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

See Also

http://www.nessus.org/u?181c9f84

https://www.cisa.gov/news-events/ics-advisories/icsa-21-336-04

Plugin Details

Severity: High

ID: 500949

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 3/29/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2021-35533

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:abb:rtu500_firmware:12.2, cpe:/o:abb:rtu500_firmware:12.4, cpe:/o:abb:rtu500_firmware:12.0

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 11/26/2021

Vulnerability Publication Date: 11/26/2021

Reference Information

CVE: CVE-2021-35533

CWE: 20

ICSA: 21-336-04