CVE-2023-1514

Name of the Vulnerable Software and Affected Versions RTU500 Scripting interface (affected versions not specified)

Description A vulnerability exists in the RTU500 Scripting interface component. When a client connects to a server using TLS, the server presents a certificate that links a public key to the identity of the service and is signed by a Certification Authority (CA). This allows the client to validate that the remote service can be trusted and is not malicious. However, if the client does not validate the parameters of the certificate, attackers could spoof the identity of the service. An attacker could exploit this issue by faking the identity of an RTU500 device and intercepting messages initiated via the RTU500 Scripting interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.