This advisory describes an improper input validation vulnerability in the Hitachi ABB Power Grids Relion 670, 650, and SAM600-IO; REB500; RTU500; FOX615 (TEGO1); MSM; GMS600; PWC600 products. The vulnerability was reported by Markus Mahrla, of GAI NetConsult and Lars Lengersdorf, of Amprion. Hitachi ABB has revisions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to reboot the device regularly, resulting in a denial-of-service condition. During the reboot phase, the primary functionality of the device is not available.
NOTE: Hitachi ABB published separate advisories for each of the affected product lines.
• Relion
670, 650, and SAM600-IO
• REB500
• RTU500
• MSM
• GMS600
• PWC600
No comments:
Post a Comment