Details of VAR-202312-1753

ID

VAR-202312-1753

CVE

CVE-2023-6711

TITLE

Hitachi Energy of rtu500 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-023919

DESCRIPTION

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. Hitachi Energy of rtu500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Attackers can exploit the vulnerability to cause a buffer overflow and eventually cause the RTU500 CMU to restart

Trust: 2.16

sources: NVD: CVE-2023-6711 // JVNDB: JVNDB-2023-023919 // CNVD: CNVD-2025-02737

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02737

AFFECTED PRODUCTS

vendor:	hitachienergy	model:	rtu500	scope:	lt	version:	12.2.12.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	gte	version:	12.6.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	lt	version:	13.2.7.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	gte	version:	12.2.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	lt	version:	12.0.15.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	eq	version:	13.5.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	lt	version:	13.4.4.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	gte	version:	13.2.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	gte	version:	12.4.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	gte	version:	13.4.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	gte	version:	12.0.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	lt	version:	12.7.7.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	gte	version:	12.7.1.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	lt	version:	12.4.12.0	Trust: 1.0
vendor:	hitachienergy	model:	rtu500	scope:	lt	version:	12.6.10.0	Trust: 1.0
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 13.5.1.0	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 12.0.1.0 that's all 12.0.15.0	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	-	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 12.7.1.0 that's all 12.7.7.0	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 12.6.1.0 that's all 12.6.10.0	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 13.2.1.0 that's all 13.2.7.0	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 13.4.1.0 that's all 13.4.4.0	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 12.2.1.0 that's all 12.2.12.0	Trust: 0.8
vendor:	hitachi energy	model:	rtu500	scope:	eq	version:	rtu500 firmware 12.4.1.0 that's all 12.4.12.0	Trust: 0.8
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	gte	version:	12.2.1,<=12.2.11	Trust: 0.6
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	gte	version:	12.4.1,<=12.4.11	Trust: 0.6
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	gte	version:	12.6.1,<=12.6.9	Trust: 0.6
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	gte	version:	12.7.1,<=12.7.6	Trust: 0.6
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	gte	version:	13.2.1,<=13.2.6	Trust: 0.6
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	gte	version:	12.0.1,<=12.0.14	Trust: 0.6
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	gte	version:	13.4.1,<=13.4.3	Trust: 0.6
vendor:	hitachi	model:	energy rtu500 series cmu	scope:	eq	version:	13.5.1	Trust: 0.6

sources: CNVD: CNVD-2025-02737 // JVNDB: JVNDB-2023-023919 // NVD: CVE-2023-6711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-6711
value:	HIGH
Trust: 1.0
cybersecurity@hitachienergy.com:	CVE-2023-6711
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-6711
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-02737
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-02737
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-6711
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cybersecurity@hitachienergy.com:	CVE-2023-6711
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2023-6711
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-02737 // JVNDB: JVNDB-2023-023919 // NVD: CVE-2023-6711 // NVD: CVE-2023-6711

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-023919 // NVD: CVE-2023-6711

PATCH

title:

Patch for Hitachi Energy RTU500 series CMU Firmware Input Validation Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/654811

Trust: 0.6

sources: CNVD: CNVD-2025-02737

EXTERNAL IDS

db:	NVD	id:	CVE-2023-6711	Trust: 3.2
db:	JVN	id:	JVNVU98968158	Trust: 0.8
db:	ICS CERT	id:	ICSA-24-354-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-023919	Trust: 0.8
db:	CNVD	id:	CNVD-2025-02737	Trust: 0.6

sources: CNVD: CNVD-2025-02737 // JVNDB: JVNDB-2023-023919 // NVD: CVE-2023-6711

REFERENCES

url:	https://publisher.hitachienergy.com/preview?documentid=8dbd000184&languagecode=en&preview=true	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu98968158/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-6711	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-6711/	Trust: 0.6

sources: CNVD: CNVD-2025-02737 // JVNDB: JVNDB-2023-023919 // NVD: CVE-2023-6711

SOURCES

db:	CNVD	id:	CNVD-2025-02737
db:	JVNDB	id:	JVNDB-2023-023919
db:	NVD	id:	CVE-2023-6711

LAST UPDATE DATE

2025-02-14T23:10:23.887000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02737	date:	2025-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2023-023919	date:	2024-12-23T03:23:00
db:	NVD	id:	CVE-2023-6711	date:	2024-09-25T09:15:02.930

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02737	date:	2025-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2023-023919	date:	2024-01-30T00:00:00
db:	NVD	id:	CVE-2023-6711	date:	2023-12-19T15:15:09.257