(I)IoT Security News
Hitachi Energy’s RTU500 Series Product

1. EXECUTIVE SUMMARY

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to crash the device being accessed or cause a denial-of-service condition. Two of the OpenSSL issues listed below (CVE-2023-0286 and CVE-2021-3712) can additionally disclose memory contents, and the RSA timing issue (CVE-2022-4304) can expose decrypted plaintext.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Hitachi Energy’s RTU500 Series Product are affected:

3.2 Vulnerability Overview

3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (‘TYPE CONFUSION’) CWE-843

There is a type-confusion vulnerability in the processing of X.400 addresses within an X.509 GeneralName. X.400 addresses are parsed as an ASN1_STRING, but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE, so code comparing two GeneralNames interprets attacker-controlled string bytes as an ASN1_TYPE. This could allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial-of-service condition. Per the upstream OpenSSL advisory, the affected comparison is reached during CRL checking, so in most cases the attacker must be able to supply both a certificate chain and a CRL, neither of which needs a valid signature, to an application that has CRL checking enabled.

CVE-2023-0286 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H).
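The advisory names the confused types but does not show what the confusion looks like in memory. The C program below is an added example written for this page; it is not OpenSSL's code and not part of the Hitachi Energy or CISA advisories. It models the two structures with the field order OpenSSL uses (the names carry a _MODEL suffix to make that clear), shows a pre-fix comparison that reads a parsed ASN1_STRING as an ASN1_TYPE, and turns the resulting memcmp on attacker-chosen pointers into a memory-content oracle. The victim_secret buffer, the payload union and the oracle functions are constructed for the demonstration; the layout assumption (the union member sitting at the same offset as the string's data pointer, true on LP64 targets) is checked at run time rather than taken for granted.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Teaching models of the two OpenSSL structures involved.  Field order and
 * widths mirror OpenSSL's, but these are not OpenSSL's definitions. */
typedef struct {
    int length;          /* byte count at data */
    int type;            /* ASN.1 tag */
    unsigned char *data; /* string bytes: attacker-controlled in a cert or CRL */
    long flags;
} ASN1_STRING_MODEL;

typedef struct {
    int type;            /* ASN.1 tag selecting the union member */
    union { void *ptr; ASN1_STRING_MODEL *asn1_string; } value;
} ASN1_TYPE_MODEL;

#define V_ASN1_NULL 5

/* The confusion lines up only when ASN1_STRING.data and ASN1_TYPE.value share
 * an offset, which holds on LP64 targets (x86-64 and AArch64 Linux). */
int layout_confusable(void)
{
    return offsetof(ASN1_STRING_MODEL, data) == offsetof(ASN1_TYPE_MODEL, value);
}

static int asn1_string_cmp_model(const ASN1_STRING_MODEL *a, const ASN1_STRING_MODEL *b)
{
    if (a->length != b->length) return -1;
    return memcmp(a->data, b->data, (size_t)a->length);
}

/* Pre-fix behaviour for an X.400 name: the field is declared ASN1_TYPE*, so the
 * bytes of the parsed ASN1_STRING are read as an ASN1_TYPE (the real code did
 * this through the struct definition; memcpy keeps this model well-defined C)
 * and the union member is handed to the string compare.  That member aliases
 * ASN1_STRING.data, so the attacker's bytes become a struct pointer. */
static int general_name_cmp_vuln(const ASN1_STRING_MODEL *a, const ASN1_STRING_MODEL *b)
{
    ASN1_TYPE_MODEL ta, tb;
    memcpy(&ta, a, sizeof ta);
    memcpy(&tb, b, sizeof tb);
    if (ta.type != tb.type) return -1;          /* really compares the two lengths */
    if (ta.type == V_ASN1_NULL) return 0;
    return asn1_string_cmp_model(ta.value.asn1_string, tb.value.asn1_string);
}

/* Post-fix behaviour: the field is an ASN1_STRING*, so compare it as one. */
static int general_name_cmp_fixed(const ASN1_STRING_MODEL *a, const ASN1_STRING_MODEL *b)
{
    return asn1_string_cmp_model(a, b);
}

/* Constructed stand-in for key material sitting in the victim's memory. */
static unsigned char victim_secret[] = "k3y-0xAB";

/* Attacker-controlled X.400 payload: bytes that, read as an ASN1_STRING, point
 * at `target`.  A real attacker has to guess that address, one reason the CVSS
 * vector rates attack complexity high; in-process we simply write it in. */
typedef union {
    unsigned char bytes[sizeof(ASN1_STRING_MODEL)];
    ASN1_STRING_MODEL as_struct;
} x400_payload;

static void build_x400_name(ASN1_STRING_MODEL *name, x400_payload *payload,
                            const unsigned char *target, int target_len)
{
    memset(payload, 0, sizeof *payload);
    payload->as_struct.length = target_len;
    payload->as_struct.data = (unsigned char *)target;
    name->length = (int)sizeof payload->bytes;  /* becomes ASN1_TYPE.type after confusion */
    name->type = 0;
    name->data = payload->bytes;
    name->flags = 0;
}

/* Oracle: returns 1 if `cmp` reports the two crafted names equal, which for the
 * vulnerable compare happens exactly when `guess` matches the first `len`
 * bytes of victim_secret; 0 otherwise. */
static int leaks_match(int (*cmp)(const ASN1_STRING_MODEL *, const ASN1_STRING_MODEL *),
                       const unsigned char *guess, int len)
{
    ASN1_STRING_MODEL a, b;
    x400_payload pa, pb;
    build_x400_name(&a, &pa, victim_secret, len); /* points at memory the attacker cannot read */
    build_x400_name(&b, &pb, guess, len);         /* points at the attacker's own guess */
    return cmp(&a, &b) == 0;
}

int vuln_oracle(const unsigned char *guess, int len)
{ return leaks_match(general_name_cmp_vuln, guess, len); }

int fixed_oracle(const unsigned char *guess, int len)
{ return leaks_match(general_name_cmp_fixed, guess, len); }

int main(void)
{
    assert(layout_confusable());
    assert(vuln_oracle((const unsigned char *)"k3y-0xAB", 8) == 1); /* memcmp on attacker pointers leaks */
    assert(vuln_oracle((const unsigned char *)"k3y-0x00", 8) == 0);
    assert(fixed_oracle((const unsigned char *)"k3y-0xAB", 8) == 0); /* only the name bytes are compared */
    return 0;
}
```

The vulnerable path reports a match only when the bytes behind the embedded pointer equal the attacker's guess, which is the read primitive the advisory describes; with a pointer into unmapped memory the same memcmp is the crash. The fixed path compares the X.400 bytes themselves and never follows the pointer, so the embedded addresses are just opaque data that differ between the two names.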

3.2.2 OBSERVABLE TIMING DISCREPANCY CWE-208

A timing-based side channel exists in the OpenSSL RSA decryption implementation. An attacker with sufficient access to observe decryption timing across a network could use it to mount a Bleichenbacher-style attack and recover plaintext. The side channel affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

CVE-2022-4304 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.3 OUT-OF-BOUNDS READ CWE-125

A vulnerability exists in Wind River VxWorks version 6.9, which the listed RTU500 series product versions use. An attacker could send a specially crafted packet that leads to an out-of-bounds read during an IKE initial exchange.

CVE-2022-23937 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.4 LOOP WITH UNREACHABLE EXIT CONDITION (‘INFINITE LOOP’) CWE-835

A vulnerability exists in OpenSSL version 1.0.2, which the listed RTU500 Series product versions use. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever when the modulus is not prime. Per the upstream OpenSSL advisory, this function is reached when parsing certificates that carry elliptic-curve public keys or explicit curve parameters in compressed form, so a crafted certificate with invalid explicit curve parameters can trigger the loop in any process that parses an externally supplied certificate, and thus hang the device.

CVE-2022-0778 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
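The advisory states the effect (a loop with no reachable exit on a non-prime modulus) but not how a modular square-root routine ends up there. The C program below is an added example written for this page, not OpenSSL's BN_mod_sqrt() and not code from either advisory: it is a textbook Tonelli-Shanks over 64-bit integers in which the same class of defect is reproduced. The algorithm assumes a prime modulus; on a composite one the search step can return an exponent that does not shrink, and unless that is rejected the outer loop repeats the same state forever. The `bounded` flag selects between the checked loop and the unchecked one; DEMO_SAFETY_CAP exists only so the unchecked mode cannot hang this demo, and the status codes, function names and the 2^32 modulus limit are choices made for the example.

```c
#include <stdint.h>

/* Status codes, returned as negative values; a root is returned as itself. */
enum { SQRT_NOT_A_SQUARE = 1, SQRT_BAD_MODULUS = 2, SQRT_WOULD_HANG = 3 };

/* Exists only so the "unbounded" mode of this demo cannot hang the process;
 * the pre-fix code had no equivalent. */
#define DEMO_SAFETY_CAP (1u << 20)

/* Moduli are kept below 2^32 so a*b fits in 64 bits without __int128. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e; e >>= 1) { if (e & 1) r = mulmod(r, b, m); b = mulmod(b, b, m); }
    return r;
}

/* Tonelli-Shanks square root of a modulo p, written for this example.  The
 * algorithm is only correct for an odd prime p and, like BN_mod_sqrt(), this
 * code does not test primality; it verifies the result at the end instead.
 * bounded = 1 keeps the check that makes every loop exit (the fix);
 * bounded = 0 drops it, which is enough to spin forever on a composite p. */
int64_t mod_sqrt(uint64_t a, uint64_t p, int bounded)
{
    if (p < 3 || (p & 1) == 0 || p >= (1ull << 32)) return -SQRT_BAD_MODULUS;
    a %= p;
    if (a == 0) return 0;

    uint64_t q = p - 1;               /* p - 1 = q * 2^s with q odd */
    unsigned s = 0;
    while ((q & 1) == 0) { q >>= 1; s++; }

    /* Quadratic non-residue z via Euler's criterion.  For a prime this search
     * ends after a few tries, so a small cap costs nothing. */
    uint64_t z = 2;
    while (powmod(z, (p - 1) / 2, p) != p - 1) if (++z > 100) return -SQRT_BAD_MODULUS;

    unsigned M = s;
    uint64_t c = powmod(z, q, p), t = powmod(a, q, p), R = powmod(a, (q + 1) / 2, p);
    uint32_t spins = 0;

    while (t != 1) {
        /* Smallest i with t^(2^i) == 1.  For a prime, a square always gives
         * i < M, so M shrinks each pass and the outer loop ends.  For a
         * composite p, t can be a non-trivial square root of 1 (4 mod 15, say):
         * the search returns i == M, M never shrinks, and without the check
         * below the outer loop repeats the same state forever. */
        unsigned i = 1;
        uint64_t tt = mulmod(t, t, p);
        while (tt != 1) {
            if (++i >= M) return -SQRT_NOT_A_SQUARE;
            tt = mulmod(tt, tt, p);
        }
        if (bounded && i >= M) return -SQRT_NOT_A_SQUARE;        /* the fix */
        if (!bounded && ++spins > DEMO_SAFETY_CAP) return -SQRT_WOULD_HANG;

        uint64_t b = c;                                          /* b = c^(2^(M-i-1)) */
        for (unsigned j = 0; j + i + 1 < M; j++) b = mulmod(b, b, p);
        M = i;
        c = mulmod(b, b, p);
        t = mulmod(t, c, p);
        R = mulmod(R, b, p);
    }
    if (mulmod(R, R, p) != a) return -SQRT_NOT_A_SQUARE;         /* final verification */
    return (int64_t)R;
}
```

With a prime modulus both modes agree: mod_sqrt(10, 13, ...) returns 7 and mod_sqrt(2, 17, ...) returns 6, and a non-square such as 5 mod 13 is rejected inside the search. With the composite modulus 15 and the input 4, which is a square mod 15, the bounded mode returns SQRT_NOT_A_SQUARE at once, while the unbounded mode cycles through the same (t, c, R) state until the demo cap stops it; in a bignum implementation with no cap, that is the hang the advisory describes.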

3.2.5 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (‘CLASSIC BUFFER OVERFLOW’) CWE-120

A vulnerability exists in OpenSSL version 1.0.2, which the listed RTU500 Series product versions use. An attacker able to present SM2 content to an application for decryption could cause a buffer overflow of up to 62 bytes, altering the contents of the data that follows the buffer. This could allow an attacker to change application behavior or cause the application to crash.

CVE-2021-3711 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.6 OUT-OF-BOUNDS READ CWE-125

A vulnerability exists in OpenSSL version 1.0.2, which the listed RTU500 Series product versions use. OpenSSL represents ASN.1 strings as an ASN1_STRING structure holding a byte buffer and an explicit length; its own parsing functions NUL-terminate the buffer, but an application may construct an ASN1_STRING directly without a terminator, and several OpenSSL functions that print or otherwise process ASN.1 data assumed the terminator was present. A malicious actor who can cause an application to construct such an ASN1_STRING and process it through one of the affected functions could trigger a read past the buffer, causing a crash and a denial-of-service condition or a disclosure of private memory contents, such as private keys or sensitive plaintext.

CVE-2021-3712 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H).
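The following C program is an added example written for this page, not OpenSSL's code and not part of either advisory. It shows the defect class in miniature: a consumer that derives the string's length by scanning for a NUL terminator reads past the declared length when none is present, while a consumer that trusts only the length field does not. The ASN1_STR model, the arena buffer (whose contents are constructed to stand in for whatever follows a heap allocation) and the helper that copies the string into a proper C string are all assumptions of the example.

```c
#include <stddef.h>
#include <string.h>

/* Teaching model of the relevant ASN1_STRING fields (not OpenSSL's definition):
 * a byte buffer plus an explicit length.  Nothing requires data[length] == 0. */
typedef struct {
    int length;
    unsigned char *data;
} ASN1_STR;

/* Pre-fix style consumer: assumes a NUL terminator and scans until it finds
 * one, so it reads past `length` whenever the terminator is absent. */
size_t printable_len_vuln(const ASN1_STR *s)
{
    return strlen((const char *)s->data);
}

/* Fixed style consumer: trusts only the explicit length. */
size_t printable_len_fixed(const ASN1_STR *s)
{
    return (size_t)s->length;
}

/* Copies the string into a caller-supplied buffer as a proper C string,
 * truncating rather than over-reading; returns the number of bytes stored. */
size_t asn1_str_to_cstr(const ASN1_STR *s, char *out, size_t outlen)
{
    size_t n = (size_t)s->length;
    if (outlen == 0) return 0;
    if (n > outlen - 1) n = outlen - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return n;
}

/* Constructed layout: an application-built string whose 8 data bytes are
 * immediately followed in memory by other data and no NUL, standing in for
 * whatever happens to sit after a heap buffer (17 bytes here). */
static unsigned char arena[] = "CN=rtu-1" "PRIVATE-KEY-BYTES";

/* Builds the string over the first 8 bytes of arena, without a terminator. */
ASN1_STR unterminated_name(void)
{
    ASN1_STR s = { 8, arena };
    return s;
}

/* How many bytes past the declared length the vulnerable consumer reads. */
size_t overread_bytes(void)
{
    ASN1_STR s = unterminated_name();
    size_t vuln = printable_len_vuln(&s), fixed = printable_len_fixed(&s);
    return vuln > fixed ? vuln - fixed : 0;
}
```

On the constructed layout the vulnerable consumer reports 25 bytes for an 8-byte string, i.e. it has already read 17 bytes of the neighbouring data; in a real process those bytes are whatever the allocator placed next, which is how the advisory's key or plaintext disclosure arises, and if the scan runs off the end of the mapping the result is the crash instead. When string data has to be handed to a NUL-expecting API, copy it with the length-bounded helper rather than passing the buffer through.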

3.3 BACKGROUND

3.4 RESEARCHER

Hitachi Energy reported these vulnerabilities to CISA.

4. MITIGATIONS

Hitachi Energy has released the following mitigations/fixes for CVE-2022-23937, CVE-2022-0778, CVE-2021-3711, and CVE-2021-3712:

Until the updates are made available, Hitachi Energy recommends the following general mitigation factors/workarounds for the products with RTU500 series CMU Firmware versions 12.0.1 – 12.0.15, 12.2.1 – 12.2.12, 12.4.1 – 12.4.12, 12.6.1 – 12.6.9, 12.7.1 – 12.7.6, 13.2.1 – 13.2.6, 13.3.1 – 13.3.3, 13.4.2 to address the vulnerabilities CVE-2023-0286 and CVE-2022-4304:

For more information, see Hitachi Energy’s Security Advisories:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Source:

https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02
