Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-27196

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Jun, 2021 | 21:20
Updated At-17 Sep, 2024 | 03:17
Rejected At-
Credits

Specially Crafted IEC 61850 Protocol Sequence Vulnerability

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Jun, 2021 | 21:20
Updated At:17 Sep, 2024 | 03:17
Rejected At:
▼CVE Numbering Authority (CNA)
Specially Crafted IEC 61850 Protocol Sequence Vulnerability

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Refer to the cybersecurity advisories at https://www.hitachiabb-powergrids.com/offering/solutions/cybersecurity/alerts-and-notifications

Configurations
Workarounds
Exploits
Credits
Hitachi ABB Power Grids thanks the following for working with us to help protect customers: Markus Mahrla, GAI NetConsult GmbH and Lars Lengersdorf, Amprion GmbH
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
x_transferred
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
x_transferred
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
x_transferred
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
x_transferred
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
x_transferred
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
x_transferred
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launch
x_refsource_CONFIRM
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Jun, 2021 | 22:15
Updated At:16 May, 2023 | 21:04

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Hitachi Energy Ltd.
hitachienergy
>>relion_670>>-
cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>Versions from 1.2.3(inclusive) to 1.2.3.20(exclusive)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>Versions from 2.0(inclusive) to 2.0.0.13(exclusive)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>Versions from 2.2.0(inclusive) to 2.2.0.13(exclusive)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>Versions from 2.2.1(inclusive) to 2.2.1.6(exclusive)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>Versions from 2.2.2(inclusive) to 2.2.2.3(exclusive)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>Versions from 2.2.3(inclusive) to 2.2.3.2(exclusive)
cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>1.1
cpe:2.3:o:hitachienergy:relion_670_firmware:1.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_670_firmware>>2.1
cpe:2.3:o:hitachienergy:relion_670_firmware:2.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_650>>-
cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_650_firmware>>Versions from 1.3(inclusive) to 1.3.0.7(exclusive)
cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_650_firmware>>Versions from 2.2.0(inclusive) to 2.2.0.13(exclusive)
cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_650_firmware>>Versions from 2.2.1(inclusive) to 2.2.1.6(exclusive)
cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_650_firmware>>1.1
cpe:2.3:o:hitachienergy:relion_650_firmware:1.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_650_firmware>>1.2
cpe:2.3:o:hitachienergy:relion_650_firmware:1.2:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_650_firmware>>2.1
cpe:2.3:o:hitachienergy:relion_650_firmware:2.1:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_sam600-io>>-
cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>relion_sam600-io_firmware>>Versions from 2.2.1(inclusive) to 2.2.1.6(exclusive)
cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>rtu500>>-
cpe:2.3:h:hitachienergy:rtu500:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>rtu500_firmware>>7.0
cpe:2.3:o:hitachienergy:rtu500_firmware:7.0:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>rtu500_firmware>>8.0
cpe:2.3:o:hitachienergy:rtu500_firmware:8.0:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>rtu500_firmware>>9.0
cpe:2.3:o:hitachienergy:rtu500_firmware:9.0:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>rtu500_firmware>>10.0
cpe:2.3:o:hitachienergy:rtu500_firmware:10.0:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>rtu500_firmware>>11.0
cpe:2.3:o:hitachienergy:rtu500_firmware:11.0:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>rtu500_firmware>>12.0
cpe:2.3:o:hitachienergy:rtu500_firmware:12.0:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>reb500>>-
cpe:2.3:h:hitachienergy:reb500:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>reb500_firmware>>Versions from 7.3(inclusive) to 7.60.19(exclusive)
cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>reb500_firmware>>Versions from 8.2(inclusive) to 8.2.0.5(exclusive)
cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>reb500_firmware>>Versions from 8.3(inclusive) to 8.3.1.0(inclusive)
cpe:2.3:o:hitachienergy:reb500_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>fox615_tego1>>-
cpe:2.3:h:hitachienergy:fox615_tego1:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>fox615_tego1_firmware>>Versions before r2a16(exclusive)
cpe:2.3:o:hitachienergy:fox615_tego1_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>modular_switchgear_monitoring>>-
cpe:2.3:h:hitachienergy:modular_switchgear_monitoring:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>modular_switchgear_monitoring_firmware>>Versions before 2.1.0(exclusive)
cpe:2.3:o:hitachienergy:modular_switchgear_monitoring_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>gms600>>-
cpe:2.3:h:hitachienergy:gms600:-:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>gms600_firmware>>Versions up to 1.3.0(inclusive)
cpe:2.3:o:hitachienergy:gms600_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>pwc600_firmware>>Versions from 1.0(inclusive) to 1.0.1.4(exclusive)
cpe:2.3:o:hitachienergy:pwc600_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>pwc600_firmware>>Versions from 1.1(inclusive) to 1.1.0.1(exclusive)
cpe:2.3:o:hitachienergy:pwc600_firmware:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>pwc600>>-
cpe:2.3:h:hitachienergy:pwc600:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launchcve@mitre.org
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launchcve@mitre.org
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launchcve@mitre.org
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launchcve@mitre.org
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launchcve@mitre.org
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launchcve@mitre.org
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launchcve@mitre.org
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1627Records found
CVE-2019-18247
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.55% / 68.37%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 22:03
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service.

Action-Not Available
Vendor-n/aHitachi Energy Ltd.
Product-relion_670relion_650relion_670_firmwarerelion_650_firmwareRelion 650 and 670 Series
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29922
Matching Score-10
Assigner-Hitachi Energy
ShareView Details
Matching Score-10
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.38%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 17:03
Updated-04 Jun, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-sys600microscada_x_sys600MicroSCADA Pro SYS600MicroSCADA X SYS600
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29492
Matching Score-10
Assigner-Hitachi Energy
ShareView Details
Matching Score-10
Assigner-Hitachi Energy
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.48%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 17:07
Updated-04 Jun, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-sys600microscada_x_sys600MicroSCADA Pro SYS600MicroSCADA X SYS600
CWE ID-CWE-20
Improper Input Validation
CVE-2022-2502
Matching Score-10
Assigner-Hitachi Energy
ShareView Details
Matching Score-10
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.16%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 05:25
Updated-05 Mar, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmwarertu500RTU500 series
CWE ID-CWE-20
Improper Input Validation
CVE-2021-35533
Matching Score-10
Assigner-Hitachi Energy
ShareView Details
Matching Score-10
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.04%
||
7 Day CHG~0.00%
Published-26 Nov, 2021 | 16:37
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmwarertu500RTU500 series
CWE ID-CWE-20
Improper Input Validation
CVE-2022-2081
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-04 Jan, 2024 | 09:15
Updated-22 May, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu560rtu520_firmwarertu540_firmwarertu560_firmwarertu520rtu530_firmwarertu530rtu540RTU500 series CMU firmware
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-4608
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.40%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 05:26
Updated-05 Mar, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmwarertu500RTU500 series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3684
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.38%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 12:49
Updated-19 Feb, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SDM600 endpoint vulnerability

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-sdm600SDM600
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-1773
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-8.7||HIGH
EPSS-0.03% / 7.95%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:13
Updated-27 May, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu530rtu520rtu520_firmwarertu540_firmwarertu560rtu530_firmwarertu540rtu560_firmwareRTU500 series CMU firmware
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2022-3353
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-5.9||MEDIUM
EPSS-0.82% / 74.89%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 13:50
Updated-12 Mar, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.  An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.  Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmwaregms600relion_670_firmwaretxpert_hub_coretec_5relion_650_firmwarepwc600rtu500reb500txpert_hub_coretec_5_firmwareitt600_sa_explorerpwc600_firmwaresys600_firmwaremodular_switchgear_monitoringgms600_firmwarerelion_670relion_650reb500_firmwaretxpert_hub_coretec_4_firmwarerelion_sam600-io_firmwarefox615_tego1relion_sam600-iosys600txpert_hub_coretec_4fox615_tego1_firmwaremodular_switchgear_monitoring_firmwareITT600 SA ExplorerRelion® 670SAM600-IOGMS600TXpert Hub CoreTec 4FOX61x TEGO1TXpert Hub CoreTec 5REB500MSMRTU500Relion® 650MicroSCADA X SYS600PWC600
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-28613
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.33%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 19:01
Updated-25 Sep, 2024 | 08:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.

Action-Not Available
Vendor-Hitachi Energy Ltd.ABB
Product-rtu500_firmwarertu500RTU500 series CMU Firmware
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-2277
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.43% / 63.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 17:02
Updated-04 Jun, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-sys600microscada_x_sys600MicroSCADA X SYS600
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-1778
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.20%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 17:05
Updated-04 Jun, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-sys600microscada_x_sys600MicroSCADA X SYS600
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40334
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-8.6||HIGH
EPSS-0.41% / 61.58%
||
7 Day CHG~0.00%
Published-02 Dec, 2021 | 18:28
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSH activation problem in the proprietary management protocol (port TCP 5558)

Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-xcm20fox615xcm20_firmwarefox615_firmwareFOX61xXCM20
CWE ID-CWE-431
Missing Handler
CVE-2023-6711
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 14:53
Updated-25 Sep, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmwarertu500RTU500 series CMU Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4518
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.70%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 14:18
Updated-23 Sep, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-relion_670_firmwarerelion_670relion_650relion_650_firmwarerelion_sam600-io_firmwarerelion_sam600-ioRelion670
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2018-20720
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 69.49%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 03:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.

Action-Not Available
Vendor-n/aHitachi Energy Ltd.
Product-relion_630_firmwarerelion_630n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14025
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.79%
||
7 Day CHG~0.00%
Published-06 Nov, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.

Action-Not Available
Vendor-n/aHitachi Energy Ltd.
Product-fox515t_firmwarefox515tABB FOX515T
CWE ID-CWE-20
Improper Input Validation
CVE-2022-3388
Matching Score-6
Assigner-Hitachi Energy
ShareView Details
Matching Score-6
Assigner-Hitachi Energy
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.79%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-23 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-microscada_pro_sys600microscada_x_sys600MicroSCADA Pro SYS600MicroSCADA X SYS600
CWE ID-CWE-20
Improper Input Validation
CVE-2019-19095
Matching Score-6
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-6
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.93%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 19:47
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB eSOMS: Stored XSS vulnerability

Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.

Action-Not Available
Vendor-Hitachi Energy Ltd.ABB
Product-esomseSOMS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-35531
Matching Score-6
Assigner-Hitachi Energy
ShareView Details
Matching Score-6
Assigner-Hitachi Energy
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 20:07
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in TXpert Hub CoreTec 4

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-txpert_hub_coretec_4_firmwaretxpert_hub_coretec_4TXpert Hub CoreTec 4 version
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-37915
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.37%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 20:02
Updated-10 Oct, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-objectcomputingOpenDDSobjectcomputing
Product-openddsOpenDDSopendds
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38720
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.99%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:52
Updated-12 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

Action-Not Available
Vendor-opengroupMicrosoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7558
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.43% / 81.06%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe GNOME Project
Product-debian_linuxlibrsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-19 Nov, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-espace_unified_gateway_u1981espace_unified_gateway_u1930espace_firmwareespace_unified_gateway_u1911espace_unified_gateway_u1960espace_unified_gateway_u1910espace_unified_gateway_u1980n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37241
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.53%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:30
Updated-19 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7557
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.52% / 67.18%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-librsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-3769
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.6||HIGH
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 13:01
Updated-20 Sep, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in Ingeteam's INGEPAC EF

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.

Action-Not Available
Vendor-ingeteamIngeteamingeteam
Product-ingepac_fc5066ingepac_fc5066_firmwareINGEPAC FC5066ingepac_fc5066
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7770
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5||MEDIUM
EPSS-1.06% / 78.00%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet.

Action-Not Available
Vendor-n/aDell Inc.
Product-sonicwall_totalsecure_tz_100_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7794
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.8||MEDIUM
EPSS-0.55% / 68.25%
||
7 Day CHG~0.00%
Published-30 Dec, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.

Action-Not Available
Vendor-coregan/a
Product-cg-wlncm4g_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34432
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.88%
||
7 Day CHG-0.04%
Published-27 Jul, 2021 | 15:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-mosquittoEclipse Mosquitto
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 64.30%
||
7 Day CHG~0.00%
Published-19 Oct, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-screenosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 67.11%
||
7 Day CHG~0.00%
Published-19 Oct, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21230
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 80.25%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-7704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.46% / 95.83%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aCitrix (Cloud Software Group, Inc.)McAfee, LLCRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_eusenterprise_security_managerenterprise_linux_server_ausoncommand_unified_managerxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6908
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-70.51% / 98.71%
||
7 Day CHG~0.00%
Published-11 Sep, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Action-Not Available
Vendor-openldapn/aApple Inc.
Product-openldapmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2001-0566
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.85% / 94.89%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_2900n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.86% / 94.46%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7428
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 57.34%
||
7 Day CHG~0.00%
Published-03 May, 2017 | 05:13
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.

Action-Not Available
Vendor-netiqn/a
Product-imanagerNetIQ iManager 3.x before 3.0.3.1
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.14% / 93.98%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.47% / 81.34%
||
7 Day CHG~0.00%
Published-20 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.

Action-Not Available
Vendor-smartertoolsn/a
Product-smarterstatsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5606
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.90%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 18:51
Updated-06 Aug, 2024 | 06:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.

Action-Not Available
Vendor-axwayn/a
Product-vordel_xml_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21477
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.94%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-20 Aug, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Modem

Transient DOS while processing CCCH data when NW sends data with invalid length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_778g_5g_mobile_platform_firmwaresm8635p_firmwaresm7325p_firmwarewsa8810_firmwareqcm5430_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresdx57mfastconnect_6700wcd9395wsa8845h_firmwareqca6696sdx55_firmwaresnapdragon_auto_5g_modem-rfsm8550pqcc710qca6391snapdragon_865_5g_mobile_platform_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)wsa8835_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6698aq_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)snapdragon_8_gen_2_mobile_platform_firmwareqcm6490_firmwareqcn6024snapdragon_auto_5g_modem-rf_firmwaresnapdragon_8_gen_3_mobile_platformsnapdragon_x62_5g_modem-rf_system_firmwarewsa8840_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqcs6490qca6574a_firmwaresnapdragon_695_5g_mobile_platformqcc710_firmwareqfw7124sg8275psnapdragon_865_5g_mobile_platformsg8275p_firmwarewcd9370snapdragon_690_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqca8337sm8550p_firmwaresnapdragon_8\+_gen_2_mobile_platformqcm5430snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarewcd9380snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwarefastconnect_6800_firmwarewsa8815_firmwarefastconnect_6900_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8845_firmwareqca6391_firmwarewcd9375snapdragon_780g_5g_mobile_platformsnapdragon_782g_mobile_platform_\(sm7325-af\)qcs5430_firmwaresm7675_firmwaresnapdragon_480_5g_mobile_platformqcn6274_firmwaresm7675psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_x65_5g_modem-rf_systemsnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwaresdx57m_firmwarewcn3988315_5g_iot_modem_firmwaresnapdragon_8_gen_1_mobile_platformsnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_x75_5g_modem-rf_systemqca6584au_firmwareqcm6490snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcd9360sdx55sm7675sm7675p_firmwareqca6584ausm8635_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_8\+_gen_1_mobile_platform_firmwarear8035snapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwarewcd9380_firmwarefastconnect_6200_firmwaresnapdragon_8\+_gen_1_mobile_platformwcd9395_firmwarefastconnect_6200qca6574awcn6740_firmwarewsa8830_firmwarewcd9375_firmwaresnapdragon_4_gen_1_mobile_platformar8035_firmwareqcs8550wsa8832_firmwareqcs8550_firmwareqcs5430wsa8835315_5g_iot_modemwsa8840wsa8845fastconnect_7800snapdragon_8_gen_3_mobile_platform_firmwareqca8081_firmwareqca8337_firmwarewsa8830sm7325pwsa8832fastconnect_6800wcn3988_firmwaresm7250psnapdragon_8_gen_2_mobile_platformqcn6224snapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwarewcd9385snapdragon_auto_5g_modem-rf_gen_2qca6595au_firmwareqca6696_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_x70_modem-rf_systemsnapdragon_x72_5g_modem-rf_systemwcd9385_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)sm7250p_firmwarewcn6740snapdragon_x70_modem-rf_system_firmwarewcd9370_firmwarewsa8815sm8635snapdragon_888_5g_mobile_platformwcn6755fastconnect_6700_firmwareqca6595ausnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwarewsa8845hwcd9390_firmwarewcd9341wsa8810snapdragon_888_5g_mobile_platform_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)snapdragon_x75_5g_modem-rf_system_firmwareqcn6274qfw7114snapdragon_695_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqfw7114_firmwarewcd9340wcd9390wcd9360_firmwarevideo_collaboration_vc3_platformsnapdragon_auto_5g_modem-rf_gen_2_firmwarefastconnect_7800_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8081wcd9340_firmwareqcn6024_firmwarefastconnect_6900qcn9024_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)snapdragon_x62_5g_modem-rf_systemsnapdragon_782g_mobile_platform_\(sm7325-af\)_firmwareqcn9024wcd9341_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)sm8635pqca6698aqqcs6490_firmwaresnapdragon_x55_5g_modem-rf_systemqfw7124_firmwaresnapdragon_778g_5g_mobile_platformwcn6755_firmwareqcn6224_firmwaresnapdragon_7c\+_gen_3_computeSnapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 17.20%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGo
Product-godebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32695
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.30% / 53.86%
||
7 Day CHG~0.00%
Published-27 May, 2023 | 15:44
Updated-13 Jan, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient validation when decoding a Socket.IO packet

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.

Action-Not Available
Vendor-socketsocketio
Product-socket.io-parsersocket.io-parser
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-33217
Matching Score-4
Assigner-IDEMIA
ShareView Details
Matching Score-4
Assigner-IDEMIA
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 10:45
Updated-02 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing integrity check on upgrade package

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

Action-Not Available
Vendor-idemiaIDEMIA
Product-morphowave_sp_firmwaresigma_widemorphowave_compactsigma_wide_firmwaremorphowave_xp_firmwaresigma_extremesigma_lite\+morphowave_xpmorphowave_spvisionpass_firmwaremorphowave_compact_firmwarevisionpasssigma_lite\+_firmwaresigma_litesigma_extreme_firmwaresigma_lite_firmwareVisionPassMorphoWave Compact/XPSIGMA ExtremeMorphoWave SPSIGMA WideSIGMA Lite & Lite +
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5696
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-16.25% / 94.97%
||
7 Day CHG~0.00%
Published-14 Aug, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.

Action-Not Available
Vendor-n/aDell Inc.
Product-netvault_backupn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5311
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.48% / 65.45%
||
7 Day CHG~0.00%
Published-17 Nov, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.

Action-Not Available
Vendor-powerdnsn/a
Product-authoritativen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-33100
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 15:05
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in Multi-Mode Call Processor

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfw7124_firmwarefastconnect_6700_firmwareqcn6274wsa8840_firmwarewsa8832qcc710qcs4490snapdragon_x35_5g_modem-rffastconnect_7800_firmwaresnapdragon_8_gen_3_mobile_firmwarewcd9370qfw7124qcm4490snapdragon_4_gen_2_mobilesnapdragon_auto_5g_modem-rf_gen_2qfw7114wsa8810_firmwareqcn6024sg8275p_firmwarewsa8845_firmwaresnapdragon_8\+_gen_2_mobilesnapdragon_8_gen_1_mobileqcn6224qcc710_firmwaresnapdragon_4_gen_2_mobile_firmwareqcm4490_firmwareqcm8550snapdragon_auto_5g_modem-rf_gen_2_firmwarewcd9390ar8035wcd9340wsa8835wcn3950fastconnect_7800qcn6274_firmwarewcd9395_firmwarewsa8845h_firmwarewsa8830snapdragon_x70_modem-rfqfw7114_firmwareqca8337qca6584au_firmwareqcs8550_firmwarefastconnect_6900snapdragon_x35_5g_modem-rf_firmwarewsa8845snapdragon_8_gen_2_mobile_firmwareqca6584auwsa8835_firmwareqep8111_firmwarefastconnect_6700qcn6224_firmwaresnapdragon_x75_5g_modem-rfqca6174awcd9390_firmwarewsa8815_firmwaresnapdragon_x65_5g_modem-rf_firmwaresnapdragon_8_gen_2_mobilewcn3988qcn6024_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewsa8845hwsa8815sm8550p_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380wsa8832_firmwarewcn3950_firmwarewcd9385wcd9395sm8550pwcd9340_firmwaresnapdragon_x75_5g_modem-rf_firmwareqca8081_firmwareqep8111wsa8830_firmwaresnapdragon_8\+_gen_1_mobile_firmwareqcn9024_firmwareqca6698aqqcs4490_firmwaresnapdragon_x70_modem-rf_firmwareqcs8550wcd9380_firmwaresnapdragon_8_gen_1_mobile_firmwaresnapdragon_x65_5g_modem-rfqca6698aq_firmwareqca6174a_firmwareqca8081wsa8840sg8275pwcn3988_firmwareqcm8550_firmwareqcn9024wcd9370_firmwaresnapdragon_8\+_gen_1_mobilear8035_firmwaresnapdragon_8_gen_3_mobileqca8337_firmwarewsa8810Snapdragonqca6174a_firmwareqca8337_firmwareqcm4490_firmwareqcm8550_firmwareqca6584au_firmwareqcn6274_firmwareqcs4490_firmwareqep8111_firmwareqfw7114_firmwaresg8275p_firmwarefastconnect_6900_firmwareqcn6024_firmwareqcs8550_firmwaresm8550p_firmwarear8035_firmwareqcc710_firmwareqcn6224_firmwarefastconnect_6700_firmwareqcn9024_firmwarefastconnect_7800_firmwareqca8081_firmwareqfw7124_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6698aq_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32463
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-3.4||LOW
EPSS-0.27% / 50.82%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 07:51
Updated-08 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_e665n_firmwarevxrail_p580n_vcfvxrail_e560nvxrail_e560f_vcfvxrail_d560vxrail_v470vxrail_g560f_vcfvxrail_g560fvxrail_e660fvxrail_s670vxrail_p570_vcfvxrail_d560_firmwarevxrail_p570_vcf_firmwarevxrail_vd-4000r_firmwarevxrail_s570vxrail_v570f_vcf_firmwarevxrail_e560n_vcfvxrail_p675nvxrail_p570f_firmwarevxrail_p570f_vcf_firmwarevxrail_p670nvxrail_s570_firmwarevxrail_vd-4000zvxrail_e560f_vcf_firmwarevxrail_p570f_vcfvxrail_v570fvxrail_e665f_firmwarevxrail_p675fvxrail_p570_firmwarevxrail_s470_firmwarevxrail_e665fvxrail_p470vxrail_p670fvxrail_e560_vcf_firmwarevxrail_e560f_firmwarevxrail_e660nvxrail_s670_firmwarevxrail_p670n_firmwarevxrail_v570f_firmwarevxrail_v570_vcfvxrail_vd-4000rvxrail_s570_vcf_firmwarevxrail_e560vxrail_d560f_firmwarevxrail_p670f_firmwarevxrail_e660n_firmwarevxrail_s570_vcfvxrail_e460_firmwarevxrail_e660_firmwarevxrail_v670fvxrail_e560fvxrail_v570f_vcfvxrail_vd-4520cvxrail_e560n_firmwarevxrail_e560_vcfvxrail_g560_vcf_firmwarevxrail_g560vxrail_d560fvxrail_g560_vcfvxrail_p570vxrail_g560f_vcf_firmwarevxrail_vd-4000z_firmwarevxrail_v570vxrail_e665vxrail_p570fvxrail_e660f_firmwarevxrail_vd-4510cvxrail_vd-4000wvxrail_vd-4510c_firmwarevxrail_p580n_vcf_firmwarevxrail_v470_firmwarevxrail_vd-4520c_firmwarevxrail_p580n_firmwarevxrail_v670f_firmwarevxrail_v570_firmwarevxrail_v570_vcf_firmwarevxrail_e560n_vcf_firmwarevxrail_g560f_firmwarevxrail_p470_firmwarevxrail_p580nvxrail_e665_firmwarevxrail_g560_firmwarevxrail_e660vxrail_s470vxrail_e665nvxrail_e560_firmwarevxrail_p675n_firmwarevxrail_vd-4000w_firmwarevxrail_p675f_firmwarevxrail_e460Dell EMC VxRail Appliance
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 32
  • 33
  • Next
Details not found