ID

VAR-202312-1763


CVE

CVE-2023-5768


TITLE

Cross-site scripting vulnerability in multiple Hitachi Energy products

Trust: 0.8

sources: JVNDB: JVNDB-2023-018634

DESCRIPTION

A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. An incomplete or incorrectly laid-out received APDU frame may cause blocking on the link layer. The cause is endless blocking when reading incoming frames on the link layer that carry wrong APDU length information or whose data octets arrive late. Only the communication link of the affected HCI IEC 60870-5-104 is blocked. If the attack sequence stops, communication on the previously attacked link returns to normal. A cross-site scripting vulnerability exists in Hitachi Energy products such as rtu520 firmware, rtu530 firmware, and rtu540 firmware. Information may be obtained and information may be tampered with. Hitachi Energy RTU500 is a series of industrial control components of Hitachi, Ltd.

Trust: 2.16

sources: NVD: CVE-2023-5768 // JVNDB: JVNDB-2023-018634 // CNVD: CNVD-2025-02741

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02741

AFFECTED PRODUCTS

vendor: hitachienergy | model: rtu520 | scope: gte | version: 12.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: lte | version: 12.7.6

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: lte | version: 12.0.14

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: lte | version: 12.2.11

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: lte | version: 12.2.11

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: lte | version: 13.4.3

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: gte | version: 12.0.1

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: lte | version: 12.7.6

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: lte | version: 12.7.6

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: lte | version: 13.2.6

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: lte | version: 12.4.11

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: lte | version: 13.4.3

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: gte | version: 12.0.1

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: gte | version: 13.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: lte | version: 13.4.3

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: gte | version: 13.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: gte | version: 13.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: gte | version: 12.7.1

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: lte | version: 13.2.6

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: gte | version: 12.6.1

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: lte | version: 13.2.6

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: gte | version: 12.6.1

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: gte | version: 12.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: gte | version: 13.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: gte | version: 12.7.1

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: gte | version: 12.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: gte | version: 12.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: lte | version: 12.2.11

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: lte | version: 12.7.6

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: gte | version: 12.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: lte | version: 13.4.3

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: gte | version: 12.0.1

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: lte | version: 12.6.9

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: gte | version: 12.0.1

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: lte | version: 13.2.6

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: lte | version: 12.0.14

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: lte | version: 12.6.9

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: lte | version: 12.6.9

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: gte | version: 13.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: gte | version: 12.7.1

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: gte | version: 12.7.1

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: gte | version: 13.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: lte | version: 12.0.14

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: lte | version: 12.4.11

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: gte | version: 13.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: lte | version: 12.0.14

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: gte | version: 12.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu560 | scope: lte | version: 12.6.9

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: lte | version: 12.4.11

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: gte | version: 12.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: gte | version: 12.6.1

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: gte | version: 13.2.1

Trust: 1.0

vendor: hitachienergy | model: rtu540 | scope: lte | version: 12.4.11

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: gte | version: 12.4.1

Trust: 1.0

vendor: hitachienergy | model: rtu530 | scope: lte | version: 12.2.11

Trust: 1.0

vendor: hitachienergy | model: rtu520 | scope: gte | version: 12.6.1

Trust: 1.0

vendor: hitachi energy | model: rtu530 | scope: - | version: -

Trust: 0.8

vendor: hitachi energy | model: rtu560 | scope: - | version: -

Trust: 0.8

vendor: hitachi energy | model: rtu540 | scope: - | version: -

Trust: 0.8

vendor: hitachi energy | model: rtu520 | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: energy rtu500 series cmu | scope: gte | version: 12.0.1,<=12.0.14

Trust: 0.6

sources: CNVD: CNVD-2025-02741 // JVNDB: JVNDB-2023-018634 // NVD: CVE-2023-5768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-5768
value: MEDIUM

Trust: 1.0

cybersecurity@hitachienergy.com: CVE-2023-5768
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-5768
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-02741
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-02741
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-5768
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

cybersecurity@hitachienergy.com: CVE-2023-5768
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-5768
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02741 // JVNDB: JVNDB-2023-018634 // NVD: CVE-2023-5768 // NVD: CVE-2023-5768

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-018634 // NVD: CVE-2023-5768

PATCH

title: Patch for Hitachi Energy RTU500 series CMU Firmware Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/654831

Trust: 0.6

sources: CNVD: CNVD-2025-02741

EXTERNAL IDS

db: NVD | id: CVE-2023-5768

Trust: 3.2

db: JVNDB | id: JVNDB-2023-018634

Trust: 0.8

db: CNVD | id: CNVD-2025-02741

Trust: 0.6

sources: CNVD: CNVD-2025-02741 // JVNDB: JVNDB-2023-018634 // NVD: CVE-2023-5768

REFERENCES

url:https://publisher.hitachienergy.com/preview?documentid=8dbd000176&languagecode=en&preview=true

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2023-5768

Trust: 0.8

sources: CNVD: CNVD-2025-02741 // JVNDB: JVNDB-2023-018634 // NVD: CVE-2023-5768

SOURCES

db: CNVD | id: CNVD-2025-02741
db: JVNDB | id: JVNDB-2023-018634
db: NVD | id: CVE-2023-5768

LAST UPDATE DATE

2025-02-14T23:09:05.536000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2025-02741 | date: 2025-02-12T00:00:00
db: JVNDB | id: JVNDB-2023-018634 | date: 2024-01-11T07:50:00
db: NVD | id: CVE-2023-5768 | date: 2023-12-07T21:02:40.177

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2025-02741 | date: 2025-02-13T00:00:00
db: JVNDB | id: JVNDB-2023-018634 | date: 2024-01-11T00:00:00
db: NVD | id: CVE-2023-5768 | date: 2023-12-04T15:15:07.793