PT-2021-20956 · Hitachi Energy · Rtu500 Series Cmu Firmware

Published: 2021-11-26 · Updated: 2023-05-16 · CVE-2021-35533

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Hitachi Energy RTU500 series CMU Firmware versions 12.0.*, 12.2.* and 12.4.*

Description: The issue is an Improper Input Validation vulnerability in the APDU parser of the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of the Hitachi Energy RTU500 series. An attacker can cause a receiving RTU500 CMU that has the BCI enabled to reboot by sending it a specially crafted message. By default, the BCI IEC 60870-5-104 function is disabled.

Recommendations: For Hitachi Energy RTU500 series CMU Firmware versions 12.0.*, 12.2.* and 12.4.*, consider disabling the BCI IEC 60870-5-104 function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-35533

Affected Products

Rtu500 Series Cmu Firmware