7.5

CVE-2022-2081

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

Data is provided by the National Vulnerability Database (NVD)
HitachienergyRtu520 Firmware Version >= 12.0.1 <= 12.0.13
   HitachienergyRtu520 Version-
HitachienergyRtu520 Firmware Version >= 12.2.1 <= 12.2.11
   HitachienergyRtu520 Version-
HitachienergyRtu520 Firmware Version >= 12.4.1 <= 12.4.11
   HitachienergyRtu520 Version-
HitachienergyRtu520 Firmware Version >= 12.6.1 <= 12.6.7
   HitachienergyRtu520 Version-
HitachienergyRtu520 Firmware Version >= 12.7.1 <= 12.7.3
   HitachienergyRtu520 Version-
HitachienergyRtu520 Firmware Version >= 13.2.1 <= 13.2.4
   HitachienergyRtu520 Version-
HitachienergyRtu520 Firmware Version13.3.1
   HitachienergyRtu520 Version-
HitachienergyRtu530 Firmware Version >= 12.0.1 <= 12.0.13
   HitachienergyRtu530 Version-
HitachienergyRtu530 Firmware Version >= 12.2.1 <= 12.2.11
   HitachienergyRtu530 Version-
HitachienergyRtu530 Firmware Version >= 12.4.1 <= 12.4.11
   HitachienergyRtu530 Version-
HitachienergyRtu530 Firmware Version >= 12.6.1 <= 12.6.7
   HitachienergyRtu530 Version-
HitachienergyRtu530 Firmware Version >= 12.7.1 <= 12.7.3
   HitachienergyRtu530 Version-
HitachienergyRtu530 Firmware Version >= 13.2.1 <= 13.2.4
   HitachienergyRtu530 Version-
HitachienergyRtu530 Firmware Version13.3.1
   HitachienergyRtu530 Version-
HitachienergyRtu540 Firmware Version >= 12.0.1 <= 12.0.13
   HitachienergyRtu540 Version-
HitachienergyRtu540 Firmware Version >= 12.2.1 <= 12.2.11
   HitachienergyRtu540 Version-
HitachienergyRtu540 Firmware Version >= 12.4.1 <= 12.4.11
   HitachienergyRtu540 Version-
HitachienergyRtu540 Firmware Version >= 12.6.1 <= 12.6.7
   HitachienergyRtu540 Version-
HitachienergyRtu540 Firmware Version >= 12.7.1 <= 12.7.3
   HitachienergyRtu540 Version-
HitachienergyRtu540 Firmware Version >= 13.2.1 <= 13.2.4
   HitachienergyRtu540 Version-
HitachienergyRtu540 Firmware Version13.3.1
   HitachienergyRtu540 Version-
HitachienergyRtu560 Firmware Version >= 12.0.1 <= 12.0.13
   HitachienergyRtu560 Version-
HitachienergyRtu560 Firmware Version >= 12.2.1 <= 12.2.11
   HitachienergyRtu560 Version-
HitachienergyRtu560 Firmware Version >= 12.4.1 <= 12.4.11
   HitachienergyRtu560 Version-
HitachienergyRtu560 Firmware Version >= 12.6.1 <= 12.6.7
   HitachienergyRtu560 Version-
HitachienergyRtu560 Firmware Version >= 12.7.1 <= 12.7.3
   HitachienergyRtu560 Version-
HitachienergyRtu560 Firmware Version >= 13.2.1 <= 13.2.4
   HitachienergyRtu560 Version-
HitachienergyRtu560 Firmware Version13.3.1
   HitachienergyRtu560 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.368
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cybersecurity@hitachienergy.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.