CVE-2023-4518 MEDIUM

CVE-2023-4518

Vendor Hitachi Energy
Product Relion670
Weakness CWE-1284
Published December 1, 2023
Last update September 23, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.

Key dates

02Disclosure timeline

December 1, 2023 CVE published
September 23, 2024 Record updated

Related vulnerabilities

04Related CVE