CVE-2022-2081

HIGH

Hitachi Energy RTU500 Series Firmware 12.0.1-12.0.13 - Denial of Service via HCI Modbus TCP Flood

Title source: llm
STIX 2.1

Description

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

Scores

CVSS v3 7.5
EPSS 0.0064
EPSS Percentile 46.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (8)
hitachienergy/rtu520_firmware 13.3.1
hitachienergy/rtu520_firmware 12.0.1 - 12.0.13
hitachienergy/rtu530_firmware 13.3.1
hitachienergy/rtu530_firmware 12.0.1 - 12.0.13
hitachienergy/rtu540_firmware 13.3.1
hitachienergy/rtu540_firmware 12.0.1 - 12.0.13
hitachienergy/rtu560_firmware 13.3.1
hitachienergy/rtu560_firmware 12.0.1 - 12.0.13
Published Jan 04, 2024
Tracked Since Feb 18, 2026