A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update,
if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware.
Weakness
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
References
- https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199\u0026languageCode=en\u0026Preview=true
- https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199\u0026languageCode=en\u0026Preview=true