PatchSiren cyber security CVE debrief
CVE-2023-5767 Hitachi Energy CVE debrief
Hitachi Energy RTU500 series CMU firmware contains a webserver cross-site scripting issue caused by improper sanitization of an RDT language file. The advisory covers multiple 12.x and 13.x branches, and the vendor later expanded the fixed-version list through advisory revisions. Because the issue affects an OT web interface used for administration, it should be addressed promptly in any exposed or production deployment.
- Vendor
- Hitachi Energy
- Product
- RTU500 series Product
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-11-28
- Original CVE updated
- 2024-12-18
- Advisory published
- 2023-11-28
- Advisory updated
- 2024-12-18
Who should care
OT/ICS operators, control-system administrators, and security teams managing Hitachi Energy RTU500 series CMU firmware in the affected 12.0.x through 13.4.x branches, especially where the webserver is reachable from administrative networks.
Technical summary
The vulnerability is a cross-site scripting condition in the RTU500 webserver. The source describes an improperly sanitized RDT language file as the trigger, allowing attacker-controlled content to be interpreted by the web interface. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L, which maps to a Medium severity score of 6.0 and indicates network exposure with elevated privileges required on the target and integrity-focused impact.
Defensive priority
Medium. Prioritize patching where RTU500 webservers are in active use, accessible from administrative networks, or part of critical production control paths. The vulnerability is not in the KEV enrichment provided, but it still affects an OT administrative surface that should be updated to the vendor-fixed branch version.
Recommended defensive actions
- Update RTU500 CMU firmware to the fixed version for the installed branch: 12.0.15, 12.2.12, 12.4.12, 12.6.10, 12.7.7, 13.2.7, 13.4.4, or 13.5.1 as applicable.
- Confirm whether any deployed asset falls within the affected ranges: 12.0.1–12.0.14, 12.2.1–12.2.11, 12.4.1–12.4.11, 12.6.1–12.6.9, 12.7.1–12.7.6, 13.2.1–13.2.6, or 13.4.1–13.4.3.
- Restrict access to the webserver to trusted administrative networks and apply defense-in-depth controls consistent with CISA ICS recommended practices.
- Review the vendor and CISA advisories before maintenance planning so you use the latest fixed-version guidance from the advisory revision history.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory metadata for CVE-2023-5767 and the linked Hitachi Energy advisory reference. The source describes cross-site scripting in the webserver due to an improperly sanitized RDT language file. The supplied affected-product matrix lists the impacted RTU500 series CMU firmware ranges, and the remediation entries provide the fixed versions. The source revision history shows updates through 2024-12-18 to expand the fixed-version guidance. No KEV entry is provided in the supplied enrichment.
Official resources
-
CVE-2023-5767 CVE record
CVE.org
-
CVE-2023-5767 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the supplied CISA CSAF metadata on 2023-11-28 and revised multiple times through 2024-12-18 as fixed-version guidance was expanded. No KEV listing is provided in the supplied enrichment.