PatchSiren

CVE-2023-6711 Hitachi Energy CVE debrief

A buffer overflow vulnerability in Hitachi Energy RTU500 series CMU firmware affects SCI IEC 60870-5-104 and HCI IEC 60870-5-104 protocol implementations. Specially crafted network messages are not properly validated, which can trigger a buffer overflow and cause the RTU500 CMU to reboot. This results in a denial-of-service condition with availability impact. The vulnerability was published on December 19, 2024, with a CVSS 3.1 score of 5.9 (Medium severity). Eight firmware version ranges across multiple product branches are affected, spanning versions 12.0.1 through 13.5.1. Hitachi Energy has released patched firmware versions for all affected branches.

Vendor: Hitachi Energy
Product: RTU500 series CMU Firmware
CVSS: MEDIUM 5.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-19
Original CVE updated: 2024-12-19
Advisory published: 2024-12-19
Advisory updated: 2024-12-19

Who should care

Organizations operating Hitachi Energy RTU500 series remote terminal units in electric utility, energy, and critical infrastructure environments. Security teams responsible for OT/ICS network protection and asset owners managing IEC 60870-5-104 protocol deployments.

Technical summary

The vulnerability exists in the SCI IEC 60870-5-104 and HCI IEC 60870-5-104 components of Hitachi Energy RTU500 series CMU firmware. Insufficient input validation on specially crafted protocol messages allows a buffer overflow condition that forces device reboot. The attack requires network access to the target device but does not require authentication or user interaction. Successful exploitation results in loss of availability for the remote terminal unit. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects network accessibility, high attack complexity, and high availability impact with no confidentiality or integrity effects.

Defensive priority

Medium

Recommended defensive actions

  • Update affected RTU500 series CMU firmware to the latest patched version for your product branch: 12.0.15, 12.2.12, 12.4.12, 12.6.10, 12.7.7, 13.2.7, 13.4.4, or 13.5.2
  • Apply network segmentation and firewall rules to restrict IEC 60870-5-104 traffic to authorized sources only
  • Follow Hitachi Energy's Remote Terminal Units Security Deployment Guideline for hardening recommendations
  • Ensure process control systems have no direct Internet connections and are physically protected from unauthorized access
  • Review and implement CISA ICS recommended practices for defense-in-depth strategies
  • Contact Hitachi Energy service organization for additional support if needed
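
To act on the first item across a fleet, the following added example (not part of the original debrief and not Hitachi Energy tooling) triages an asset inventory against the fixed releases listed above. It assumes that any version in a listed branch older than that branch's fixed release needs updating; the hostnames and inventory versions are constructed.

```python
from __future__ import annotations

import re

# Fixed firmware patch level per (major, minor) branch, from the list above.
FIXED = {
    (12, 0): 15, (12, 2): 12, (12, 4): 12, (12, 6): 10,
    (12, 7): 7, (13, 2): 7, (13, 4): 4, (13, 5): 2,
}

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def triage(version: str) -> tuple[str, str | None]:
    """Classify one CMU firmware version string.

    Returns (status, target), where status is:
      "update"  - in a listed branch and older than its fixed release
      "ok"      - at or above the fixed release for its branch
      "unknown" - unparsable, or a branch the debrief does not list
    """
    m = VERSION_RE.match(version)
    if not m:
        return ("unknown", None)
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Do not guess for unlisted branches; send these for manual review.
        return ("unknown", None)
    target = f"{major}.{minor}.{fixed_patch}"
    # Compare numerically: as strings, "10" would sort before "7".
    return ("update" if patch < fixed_patch else "ok", target)


def triage_inventory(inventory: dict[str, str]) -> dict[str, tuple[str, str | None]]:
    """Apply triage() to a {hostname: firmware_version} mapping."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"rtu-a": "12.0.14", "rtu-b": "12.7.10", "rtu-c": "13.5.1", "rtu-d": "11.9.3"}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE).items():
        print(f"{host:6} {SAMPLE[host]:8} {status:8} fixed release: {target or 'n/a'}")
```

Devices reported as "unknown" should be checked against the vendor advisory by hand rather than assumed safe.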

Evidence notes

CVE description and affected product versions derived from CISA CSAF advisory ICSA-24-354-01. CVSS vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network attack vector with high attack complexity, no privileges required, and high availability impact.

Official resources

Published December 19, 2024