CVE-2022-28613

HIGH

RTU500 - DoS

Title source: llm

Description

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.

References (2)

[Various Sources] https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch

[Various Sources] https://publisher.hitachienergy.com/preview?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 7.5

EPSS 0.0030

EPSS Percentile 52.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-1284

Status published

Products (2)

abb/rtu500_firmware 12.2.1.0 - 12.2.12.0

hitachienergy/rtu500_firmware 12.0.1.0 - 12.0.14.0

Published May 02, 2022

Tracked Since Feb 18, 2026