icsa-25-065-01
Vulnerability from csaf_cisa
Published
2025-02-25 13:30
Modified
2025-02-25 13:30
Summary
Hitachi Energy PCU400
Notes
Summary
Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3
or PCULogger tool. These vulnerabilities if exploited, can cause confidentiality and availability impacts.
Refer to the Recommended Immediate Actions for information about the available mitigation/remediation
strategies.
Notice
The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warran-ties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software de-scribed in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.
General Mitigation Factors/Workarounds
Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
Support
For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Hitachi Energy PSIRT's CSAF advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Switzerland
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi Energy PSIRT",
"summary": "reporting these vulnerabilities to CISA."
},
{
"organization": "Dragos",
"summary": "responsibly reporting these vulnerabilities to Hitachi Energy."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/specification-document",
"text": "HIGH"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3\nor PCULogger tool. These vulnerabilities if exploited, can cause confidentiality and availability impacts.\nRefer to the Recommended Immediate Actions for information about the available mitigation/remediation\nstrategies.",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warran-ties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software de-scribed in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.",
"title": "Notice"
},
{
"category": "general",
"text": "Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"title": "General Mitigation Factors/Workarounds"
},
{
"category": "other",
"text": "For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.",
"title": "Support"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Hitachi Energy PSIRT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-065-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-065-01.json"
},
{
"category": "self",
"summary": "CYBERSECURITY ADVISORY - OpenSSL Vulnerabilities in Hitachi Energy PCU400 Product",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8dbd000213\u0026languageCode=en\u0026Preview=true"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-065-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-065-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Hitachi Energy PCU400",
"tracking": {
"current_release_date": "2025-02-25T13:30:00.000000Z",
"generator": {
"date": "2025-02-25T09:29:19.632000Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-065-01",
"initial_release_date": "2025-02-25T13:30:00.000000Z",
"revision_history": [
{
"date": "2025-02-25T13:30:00.000000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.5_K",
"product": {
"name": "PCU400 versions 6.5 K and below",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.4.1",
"product": {
"name": "PCU400 versions 9.4.1 and below",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version",
"name": "6.6.0",
"product": {
"name": "PCU400 version 6.6.0",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "9.4.2",
"product": {
"name": "PCU400 version 9.4.2",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_family",
"name": "PCU400"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.0",
"product": {
"name": "PCULogger versions 1.1.0 and below",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version",
"name": "1.2.0",
"product": {
"name": "PCULogger version 1.2.0",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_family",
"name": "PCULogger"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "description",
"text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the\nx400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.4,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2023-0217",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-0217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2023-0216",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not\ncall this function however third party applications might call these functions on untrusted data.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-0216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2023-0401",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time\nstamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-0401",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2023-0215",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user\napplications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream,\nPEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-0215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2022-4450",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results\nin 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most\nlikely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including\nPEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-4450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2022-4304",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "description",
"text": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher\nstyle attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client\nand a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-4304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2022-4203",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a\nmalicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-4203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version\n6.6.0 or latest",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or latest",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later",
"product_ids": [
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 4.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0005"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…