{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-4518","assignerOrgId":"e383dce4-0c27-4495-91c4-0db157728d17","state":"PUBLISHED","assignerShortName":"Hitachi Energy","dateReserved":"2023-08-24T12:58:41.362Z","datePublished":"2023-12-01T14:18:47.387Z","dateUpdated":"2024-09-23T12:21:46.914Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Relion670","vendor":"Hitachi Energy","versions":[{"status":"affected","version":"Relion 670 series version 2.2.0 all revisions"},{"status":"affected","version":"Relion 670/650/SAM600-IO series version 2.2.1 all revisions"},{"status":"affected","version":"elion 670 series version 2.2.2 all revisions"},{"status":"affected","version":"Relion 670 series version 2.2.3 all revisions"},{"status":"affected","version":"Relion 670/650 series version 2.2.4 all revisions"},{"status":"affected","version":"Relion 670/650/SAM600-IO series version 2.2.5 all revisions"}]}],"datePublic":"2023-11-28T13:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured. "}],"value":"A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1284","description":"CWE-1284 Improper Validation of Specified Quantity in Input","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e383dce4-0c27-4495-91c4-0db157728d17","shortName":"Hitachi Energy","dateUpdated":"2024-09-23T12:21:46.914Z"},"references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true"}],"source":{"advisory":"8DBD000170","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:31:06.036Z"},"title":"CVE Program Container","references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170&languageCode=en&Preview=true","tags":["x_transferred"]}]}]}}