CVE-2023-5768

Name of the Vulnerable Software and Affected Versions RTU500 series product versions (affected versions not specified)

Description A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product. Incomplete or wrong received APDU frame layout may cause blocking on the link layer. The error reason is an endless blocking when reading incoming frames on the link layer with wrong length information of APDU or delayed reception of data octets. Only the communication link of the affected HCI IEC 60870-5-104 is blocked. If the attack sequence stops, the communication to the previously attacked link gets normal again. The vulnerability can be exploited by sending specially crafted APDU packets, allowing a remote attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.