Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Hitachi Energy RTU500 信任管理问题漏洞
Vulnerability Description
Hitachi Energy RTU500是日本日立制作所(Hitachi)公司的一系列工控组件。 Hitachi Energy RTU500存在信任管理问题漏洞,该漏洞源于客户端不验证证书的参数,攻击者可以通过伪造身份并拦截通过脚本接口发起的消息。
CVSS Information
N/A
Vulnerability Type
N/A