How serious is CVE-2023-5769?

This vulnerability has a CVSS score of 6.1 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2023-5769?

Yes, proof-of-concept exploit code for CVE-2023-5769 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2023-5769?

CVE-2023-5769 affects hitachienergy rtu520 firmware. Check the full CVE details for specific version information.

How do I fix CVE-2023-5769?

To remediate CVE-2023-5769, check for security patches from hitachienergy. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2023-5769

Medium

|6.1

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker could inject malicious scripts into the web interface of the RTU500 series devices, potentially allowing them to steal sensitive information or perform actions on behalf of legitimate users. This vulnerability occurs because the device does not properly filter user input, making it easier for attackers to exploit it if they can access the webserver.

Technical Description

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

Confidentiality ImpactLow

Integrity ImpactLow

Availability ImpactNone

ScopeChanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$862($500-$1K)

Vendor Response

Grade FPatched in 806 days

Quick Information

Published

Dec 14, 2023

over 2 years ago

Last Modified

Feb 27, 2026

about 1 month ago

Vendor

hitachienergy

Product

rtu520 firmware

Related Vulnerabilities

CVE-2026-2460High

An attacker with low-level access can exploit a vulnerability in the REB500 firmware to change files and directories they shouldn't be able to modify. This requires the attacker to already have authenticated access to the system, making it a serious risk if such users are compromised.

CVE-2026-2459High

This vulnerability allows an attacker with an Installer role to access and change files in directories they shouldn't be able to, potentially compromising the system's integrity. However, the attacker must already be authenticated as a user with the Installer role to exploit this weakness.

CVE-2026-1773High

This vulnerability allows an attacker to cause a Denial of Service, making the system unresponsive, by sending invalid data frames if the device is set up for bi-directional communication using the IEC 60870-5-104 protocol. Even though enabling secure communication can reduce the risk, it does not completely fix the issue.

CVE-2026-1772Medium

An attacker can access sensitive user management information from the RTU500 device, even without proper permissions, by using tools like browser development utilities. This information is not directly available through the device's web interface, so the attacker needs to know how to use these additional tools to exploit the vulnerability.