N/A

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

证书验证不恰当

Hitachi Energy RTU500 信任管理问题漏洞

Hitachi Energy RTU500是日本日立制作所（Hitachi）公司的一系列工控组件。 Hitachi Energy RTU500存在信任管理问题漏洞，该漏洞源于客户端不验证证书的参数，攻击者可以通过伪造身份并拦截通过脚本接口发起的消息。

N/A

N/A