Hitachienergy Vulnerabilities

An attacker with low-level access can exploit a vulnerability in the REB500 firmware to change files and directories they shouldn't be able to modify. This requires the attacker to already have authenticated access to the system, making it a serious risk if such users are compromised.

This vulnerability allows an attacker with an Installer role to access and change files in directories they shouldn't be able to, potentially compromising the system's integrity. However, the attacker must already be authenticated as a user with the Installer role to exploit this weakness.

This vulnerability allows an attacker to cause a Denial of Service, making the system unresponsive, by sending invalid data frames if the device is set up for bi-directional communication using the IEC 60870-5-104 protocol. Even though enabling secure communication can reduce the risk, it does not completely fix the issue.

An attacker can access sensitive user management information from the RTU500 device, even without proper permissions, by using tools like browser development utilities. This information is not directly available through the device's web interface, so the attacker needs to know how to use these additional tools to exploit the vulnerability.

An attacker could inject malicious scripts into the web interface of the RTU500 series devices, potentially allowing them to steal sensitive information or perform actions on behalf of legitimate users. This vulnerability occurs because the device does not properly filter user input, making it easier for attackers to exploit it if they can access the webserver.