7.5

CVE-2023-4518

A vulnerability exists in the input validation of the GOOSE messages where out-of-range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, GOOSE receiving blocks need to be configured.

Data is provided by the National Vulnerability Database (NVD)
Hitachienergy Relion 670 Firmware, Version >= 2.2.0 < 2.2.2.6
   Hitachienergy Relion 670, Version -
Hitachienergy Relion 670 Firmware, Version >= 2.2.3 < 2.2.3.7
   Hitachienergy Relion 670, Version -
Hitachienergy Relion 670 Firmware, Version >= 2.2.4 < 2.2.4.4
   Hitachienergy Relion 670, Version -
Hitachienergy Relion 670 Firmware, Version >= 2.2.5 < 2.2.5.6
   Hitachienergy Relion 670, Version -
Hitachienergy Relion 650 Firmware, Version >= 2.2.4 < 2.2.4.4
   Hitachienergy Relion 650, Version -
Hitachienergy Relion 650 Firmware, Version >= 2.2.5 < 2.2.5.6
   Hitachienergy Relion 650, Version -
Hitachienergy Relion 650 Firmware, Version 2.2.1
   Hitachienergy Relion 650, Version -
Hitachienergy Relion 650 Firmware, Version 2.2.1.6
   Hitachienergy Relion 650, Version -
Hitachienergy Relion Sam600-io Firmware, Version >= 2.2.5 < 2.2.5.6
   Hitachienergy Relion Sam600-io, Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.11% | 0.296

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cybersecurity@hitachienergy.com | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.