CVE-2022-2081
HIGHHitachi Energy RTU500 Series Firmware 12.0.1-12.0.13 - Denial of Service via HCI Modbus TCP Flood
Title source: llmDescription
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.
References (1)
Core 1
Core References
Scores
CVSS v3
7.5
EPSS
0.0064
EPSS Percentile
46.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (8)
hitachienergy/rtu520_firmware
13.3.1
hitachienergy/rtu520_firmware
12.0.1 - 12.0.13
hitachienergy/rtu530_firmware
13.3.1
hitachienergy/rtu530_firmware
12.0.1 - 12.0.13
hitachienergy/rtu540_firmware
13.3.1
hitachienergy/rtu540_firmware
12.0.1 - 12.0.13
hitachienergy/rtu560_firmware
13.3.1
hitachienergy/rtu560_firmware
12.0.1 - 12.0.13
Published
Jan 04, 2024
Tracked Since
Feb 18, 2026