PatchSiren cyber security CVE debrief
CVE-2023-5768 Hitachi Energy CVE debrief
CVE-2023-5768 affects the Hitachi Energy RTU500 series webserver. Improperly sanitized user input can enable cross-site scripting when a user interacts with the web interface. The issue is rated CVSS 5.4 (Medium), and Hitachi Energy has published fixed firmware versions for each affected release family.
- Vendor: Hitachi Energy
- Product: RTU500 series
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-11-28
- Original CVE updated: 2024-12-18
- Advisory published: 2023-11-28
- Advisory updated: 2024-12-18
Who should care
OT/ICS operators, control-system administrators, maintenance teams, and asset owners responsible for RTU500 series CMU firmware or any exposed RTU500 webserver interface.
Technical summary
The advisory describes a webserver input-validation problem in RTU500 series CMU firmware. Because user input is not sanitized correctly, an attacker can cause cross-site scripting in the web interface. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N, indicating network reachability and required user interaction, with low confidentiality and integrity impact and no availability impact. Affected firmware ranges include 12.0.1-12.0.14, 12.2.1-12.2.11, 12.4.1-12.4.11, 12.6.1-12.6.9, 12.7.1-12.7.6, 13.2.1-13.2.6, and 13.4.1-13.4.3.
Defensive priority
Medium: prioritize remediation on any RTU500 deployment with web management access, especially where the interface is reachable beyond a tightly controlled admin network.
Recommended defensive actions
- Upgrade each affected RTU500 series CMU firmware branch to the vendor-fixed version: 12.0.15, 12.2.12, 12.4.12, 12.6.10, 12.7.7, 13.2.7, 13.4.4, or 13.5.1 as applicable.
- Restrict access to the RTU500 webserver to trusted administrative networks or VPN paths only; avoid direct exposure where possible.
- Apply CISA ICS defense-in-depth guidance, including network segmentation, least privilege for administrative users, and monitoring of control-system web interfaces.
- Review logs and change records for suspicious web requests or unexpected script-like input associated with the RTU500 interface.
- Confirm asset inventory coverage so every affected firmware branch is identified and upgraded consistently across sites.
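The inventory check from the last two actions, as an added example that is not part of the advisory or of any Hitachi Energy tooling: it maps each RTU500 CMU firmware version in an asset list to the affected ranges and fixed versions named above. The asset names and the inventory itself are constructed for illustration.

```python
# Added example, not part of the advisory: check RTU500 CMU firmware versions from
# an asset inventory against the affected ranges and fixed versions the debrief lists.
# Versions are compared as integer tuples, never as strings ("12.4.3" > "12.4.11").
# branch -> (first affected, last affected, vendor-fixed version), from the advisory
AFFECTED = {
    "12.0": ((12, 0, 1), (12, 0, 14), "12.0.15"),
    "12.2": ((12, 2, 1), (12, 2, 11), "12.2.12"),
    "12.4": ((12, 4, 1), (12, 4, 11), "12.4.12"),
    "12.6": ((12, 6, 1), (12, 6, 9), "12.6.10"),
    "12.7": ((12, 7, 1), (12, 7, 6), "12.7.7"),
    "13.2": ((13, 2, 1), (13, 2, 6), "13.2.7"),
    "13.4": ((13, 4, 1), (13, 4, 3), "13.4.4"),
}

def parse_version(text):
    """'12.4.3' -> (12, 4, 3); reject anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised RTU500 firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(version_text):
    """Return (status, fixed): status is 'affected', 'not_affected' or 'unlisted'."""
    v = parse_version(version_text)
    branch = f"{v[0]}.{v[1]}"
    if branch not in AFFECTED:          # branch absent from the advisory (e.g. 13.5)
        return ("unlisted", None)
    low, high, fixed = AFFECTED[branch]
    return ("affected" if low <= v <= high else "not_affected", fixed)

def triage(inventory):
    """inventory: (asset_id, version) pairs -> (asset_id, version, fixed) rows to upgrade."""
    rows = []
    for asset_id, version in inventory:
        status, fixed = assess(version)
        if status == "affected":
            rows.append((asset_id, version, fixed))
    return rows

# Constructed sample inventory; asset names are made up for illustration.
SAMPLE_INVENTORY = [
    ("rtu-sub01-cmu", "12.4.3"),   # inside 12.4.1-12.4.11 -> upgrade to 12.4.12
    ("rtu-sub02-cmu", "12.6.10"),  # vendor-fixed release
    ("rtu-sub03-cmu", "13.2.6"),   # last affected build on 13.2 -> 13.2.7
    ("rtu-sub04-cmu", "13.5.1"),   # 13.5 has no affected range in the advisory
]

if __name__ == "__main__":
    for asset_id, version, fixed in triage(SAMPLE_INVENTORY):
        print(f"{asset_id}: {version} affected by CVE-2023-5768, upgrade to {fixed}")
```

A version on a listed branch that falls outside its affected range is reported as not affected, which is all the advisory supports; 13.5.1 is only named as a fixed release, so the 13.5 branch is reported as unlisted rather than silently treated as safe or vulnerable.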
Evidence notes
The supplied CISA CSAF advisory for CVE-2023-5768 states that the RTU500 series webserver is affected by cross-site scripting due to improperly sanitized user input. The advisory metadata provides CVSS 3.1 score 5.4 with vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. Revision history in the source shows the initial publication on 2023-11-28 and subsequent updates through 2024-12-18, including additions of fixed firmware versions for the affected series. The corpus also includes the vendor advisory reference, the CISA advisory page, and the NVD record; no KEV listing is supplied.
Official resources
- CVE-2023-5768 CVE record (CVE.org)
- CVE-2023-5768 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public disclosure is anchored to the CVE/advisory publication date of 2023-11-28. The advisory record was later revised several times, with the latest supplied modification date of 2024-12-18 used only as update context.