CVE-2023-4518

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*

History

23 Sep 2024, 13:15

Type Values Removed Values Added
Summary (en) A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.  (en) A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.
CWE CWE-20

06 Dec 2023, 18:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
First Time Hitachienergy relion 650
Hitachienergy relion Sam600-io Firmware
Hitachienergy relion 650 Firmware
Hitachienergy relion 670
Hitachienergy relion 670 Firmware
Hitachienergy relion Sam600-io
Hitachienergy
References () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true - () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true - Vendor Advisory
CWE CWE-1284

01 Dec 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-01 15:15

Updated : 2024-09-23 13:15


NVD link : CVE-2023-4518

Mitre link : CVE-2023-4518

CVE.ORG link : CVE-2023-4518


JSON object : View

Products Affected

hitachienergy

  • relion_670_firmware
  • relion_670
  • relion_sam600-io
  • relion_sam600-io_firmware
  • relion_650_firmware
  • relion_650
CWE
CWE-1284

Improper Validation of Specified Quantity in Input