PatchSiren cyber security CVE debrief
CVE-2023-4518 Hitachi Energy CVE debrief
CVE-2023-4518 is a medium-severity availability issue in Hitachi Energy’s Relion 670/650/SAM600-IO family. According to the CISA CSAF advisory, the device’s IEC 61850 GOOSE input validation can accept out-of-range values that, when processed by the IED, may cause a reboot. The advisory notes that exploitation requires GOOSE receiving blocks to be configured, and the published CVSS vector reflects a high availability impact with no confidentiality or integrity impact.
- Vendor
- Hitachi Energy
- Product
- Relion 670
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-11-28
- Original CVE updated
- 2026-02-26
- Advisory published
- 2023-11-28
- Advisory updated
- 2026-02-26
Who should care
Utilities, substation operators, and OT security teams running Hitachi Energy Relion 670, Relion 650, or SAM600-IO devices. Network defenders responsible for IEC 61850 environments should also care, especially where GOOSE receiving blocks are enabled.
Technical summary
CISA’s advisory for CVE-2023-4518 describes an input-validation flaw in IEC 61850 GOOSE message handling. If a device receives out-of-range values and the relevant GOOSE receiving blocks are configured, the IED can reboot. The advisory maps the issue to CWE-1284 and rates it CVSS 3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (6.5).
Defensive priority
Moderate to high for OT environments where relay availability is critical. The issue is not a remote code execution problem, but a reboot of protective equipment can still disrupt operations and availability.
Recommended defensive actions
- Update affected systems to the vendor-fixed releases listed in the advisory: 2.0.0.14, 2.1.0.6, 2.2.1.9, 2.2.2.6, 2.2.3.7, 2.2.4.4, or 2.2.5.6, as applicable to the installed product line.
- For Relion 670 series version 2.2.0, apply the vendor’s general mitigation factors as directed by the advisory.
- Review whether GOOSE receiving blocks are configured on exposed devices and limit that configuration to what is operationally necessary.
- Apply ICS defensive-in-depth measures such as network segmentation, strict change control, and monitoring for unexpected relay reboots.
- Use vendor and CISA ICS recommended practices to validate OT asset exposure and harden engineering workstations and control networks.
- Track the latest vendor and CISA advisories for any additional remediation guidance or revision history updates.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory source item for ICSA-25-133-02, which references Hitachi Energy PSIRT advisory 8DBD000170 and lists affected Relion 670/650/SAM600-IO versions, fixed releases, and the condition that GOOSE receiving blocks must be configured for exploitation. The CVE published date used here is 2023-11-28; later advisory revision dates are treated only as update context.
Official resources
-
CVE-2023-4518 CVE record
CVE.org
-
CVE-2023-4518 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2023-11-28. The supplied CISA source shows later update and republication history, including a 2026-02-26 republication based on Hitachi Energy PSIRT advisory 8DBD000170.