Sign-up

ID

VAR-202312-1566


CVE

CVE-2023-1514


TITLE

Hitachi Energy  of  rtu500 scripting interface  Certificate validation vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-023921

DESCRIPTION

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. RTU500 Scripting interface is part of the Hitachi Energy RTU500 series of industrial control components, mainly used to provide a script programming interface to achieve specific automation control and data processing functions. This interface supports the control of various functions of RTU500 through script programming, including data acquisition, execution of control commands, etc

Trust: 2.16

sources: NVD: CVE-2023-1514 // JVNDB: JVNDB-2023-023921 // CNVD: CNVD-2025-02738

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02738

AFFECTED PRODUCTS

vendor:hitachienergymodel:rtu500 scripting interfacescope:eqversion:1.0.2

Trust: 1.0

vendor:hitachienergymodel:rtu500 scripting interfacescope:eqversion:1.1.1

Trust: 1.0

vendor:hitachienergymodel:rtu500 scripting interfacescope:eqversion:1.0.1.30

Trust: 1.0

vendor:hitachi energymodel:rtu500 scripting interfacescope: - version: -

Trust: 0.8

vendor:hitachi energymodel:rtu500 scripting interfacescope:eqversion:1.0.1.30

Trust: 0.8

vendor:hitachi energymodel:rtu500 scripting interfacescope:eqversion:1.0.2

Trust: 0.8

vendor:hitachi energymodel:rtu500 scripting interfacescope:eqversion: -

Trust: 0.8

vendor:hitachi energymodel:rtu500 scripting interfacescope:eqversion:1.1.1

Trust: 0.8

vendor:hitachimodel:energy rtu500 scripting interfacescope:eqversion:1.0.1.30

Trust: 0.6

vendor:hitachimodel:energy rtu500 scripting interfacescope:eqversion:1.0.2

Trust: 0.6

vendor:hitachimodel:energy rtu500 scripting interfacescope:eqversion:1.1.1

Trust: 0.6

sources: CNVD: CNVD-2025-02738 // JVNDB: JVNDB-2023-023921 // NVD: CVE-2023-1514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-1514
value: HIGH

Trust: 1.0

cybersecurity@hitachienergy.com: CVE-2023-1514
value: HIGH

Trust: 1.0

NVD: CVE-2023-1514
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-02738
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-02738
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-1514
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cybersecurity@hitachienergy.com: CVE-2023-1514
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2023-1514
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02738 // JVNDB: JVNDB-2023-023921 // NVD: CVE-2023-1514 // NVD: CVE-2023-1514

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.0

problemtype:Illegal certificate verification (CWE-295) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-023921 // NVD: CVE-2023-1514

PATCH

title:Patch for Hitachi Energy RTU500 Scripting interface‌ Trust Management Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/654816

Trust: 0.6

sources: CNVD: CNVD-2025-02738

EXTERNAL IDS

db:NVDid:CVE-2023-1514

Trust: 3.2

db:ICS CERTid:ICSA-24-331-05

Trust: 0.8

db:JVNid:JVNVU95579677

Trust: 0.8

db:JVNDBid:JVNDB-2023-023921

Trust: 0.8

db:CNVDid:CNVD-2025-02738

Trust: 0.6

sources: CNVD: CNVD-2025-02738 // JVNDB: JVNDB-2023-023921 // NVD: CVE-2023-1514

REFERENCES

url:https://publisher.hitachienergy.com/preview?documentid=8dbd000152&languagecode=en&preview=true

Trust: 1.8

url:https://jvn.jp/vu/jvnvu95579677/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-1514

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-05

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-1514/

Trust: 0.6

sources: CNVD: CNVD-2025-02738 // JVNDB: JVNDB-2023-023921 // NVD: CVE-2023-1514

SOURCES

db:CNVDid:CNVD-2025-02738
db:JVNDBid:JVNDB-2023-023921
db:NVDid:CVE-2023-1514

LAST UPDATE DATE

2025-02-14T23:00:32.758000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-02738date:2025-02-12T00:00:00
db:JVNDBid:JVNDB-2023-023921date:2024-11-28T04:56:00
db:NVDid:CVE-2023-1514date:2023-12-28T17:00:22.227

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-02738date:2025-02-13T00:00:00
db:JVNDBid:JVNDB-2023-023921date:2024-01-30T00:00:00
db:NVDid:CVE-2023-1514date:2023-12-19T15:15:08.037