CVE-2022-28613
HIGHABB/Hitachi Energy RTU500 Firmware DoS via HCI Modbus TCP MBAP Header Length Validation Error
Title source: llmDescription
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.
References (2)
Core 2
Core References
Various Sources
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch
Various Sources vendor-advisory
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000103&LanguageCode=en&DocumentPartId=&Action=Launch
Scores
CVSS v3
7.5
EPSS
0.0090
EPSS Percentile
54.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-1284
Status
published
Products (2)
abb/rtu500_firmware
12.2.1.0 - 12.2.12.0
hitachienergy/rtu500_firmware
12.0.1.0 - 12.0.14.0
Published
May 02, 2022
Tracked Since
Feb 18, 2026