CVE-2021-35533 in RTU500info

Summary

by MITRE • 11/26/2021

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU on which the BCI is enabled to reboot when receiving a specially crafted message. By default, the BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).


Analysis

by VulDB Data Team • 12/02/2021

The vulnerability CVE-2021-35533 represents a critical improper input validation flaw within the application protocol data unit (APDU) parser of the Bidirectional Communication Interface in Hitachi Energy RTU500 series devices. It specifically concerns the IEC 60870-5-104 protocol implementation within the BCI function, which operates as a communication interface for industrial control systems. The flaw lies in the way the system processes incoming APDU messages: malformed or specially crafted input can trigger unintended system behavior. The affected RTU500 series devices run CMU firmware versions 12.0.*, 12.2.*, and 12.4.*, all of which are susceptible to this weakness, which stems from inadequate validation of protocol data units received through the communication interface.

The technical exploitation of this vulnerability occurs when an attacker sends a malformed APDU message to an RTU500 CMU on which the BCI IEC 60870-5-104 function has been configured and enabled. The parser fails to properly validate the incoming message structure, allowing malicious input to bypass normal protocol handling. This improper validation leads to a crash condition that results in an automatic reboot of the affected device. The vulnerability demonstrates characteristics consistent with CWE-20, Improper Input Validation, where insufficient checks on input data cause unexpected behavior in the system. The attack vector requires network access to the communication interface and applies only to devices where the BCI function has been enabled in the configuration, so it is exposed on deliberately configured deployments rather than on factory-default devices.

The operational impact of this vulnerability extends beyond simple service disruption, as it can potentially compromise the integrity of industrial control systems that rely on continuous operation of RTU500 devices. The automatic reboot condition can lead to extended downtime for critical infrastructure components, potentially causing cascading failures in connected systems. In industrial environments where RTU500 series devices are used for monitoring and control of power systems, such disruptions can have significant consequences for grid stability and operational continuity. The vulnerability affects all firmware versions mentioned, indicating a widespread issue that requires immediate attention across multiple device deployments. This type of denial-of-service condition aligns with ATT&CK technique T1499.004, Network Denial of Service, where attackers can disrupt system availability through crafted network communications.

Mitigation strategies for CVE-2021-35533 should focus on both immediate configuration changes and long-term security enhancements. The most effective immediate solution is to disable the BCI IEC 60870-5-104 function on devices where it is not required, as this function is disabled by default according to the vulnerability description. Organizations should conduct comprehensive audits of their RTU500 deployments to identify all devices with the BCI function enabled and evaluate the necessity of this feature for their specific operational requirements. Network segmentation and access control measures should be implemented to limit access to the affected communication interfaces, reducing the attack surface. Additionally, implementing network monitoring solutions that can detect anomalous APDU patterns may help identify potential exploitation attempts before they succeed. The vulnerability highlights the importance of proper input validation in industrial communication protocols and underscores the need for security-by-design principles in critical infrastructure systems. Regular firmware updates and patch management processes should be established to address similar vulnerabilities as they are discovered in industrial control system environments.
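As an added, constructed example (not code from VulDB, MITRE or Hitachi Energy), the following Python shows the structural validation an IEC 60870-5-104 receiver should apply to each APDU before handing the ASDU to application logic, and it reuses the same checks to classify captured frames so a monitoring hook can flag anomalous APDUs. The specific malformed message behind CVE-2021-35533 is not published on this page, so the sample frames, the rejected cases and the function names (validate_apdu, scan_frames) are assumptions; the APCI layout (0x68 start byte, length field 4..253, four control octets, I/S/U formats, 2-byte COT and CA, 3-byte IOA) follows the standard.

```python
"""Structural validation of IEC 60870-5-104 APDUs (APCI header checks).

Constructed, defensive example: generic checks a 104 receiver applies before
touching the ASDU payload. It does not reproduce the CVE-2021-35533 trigger.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

START_BYTE = 0x68
MIN_APDU_LEN = 4      # control field alone (S- and U-format)
MAX_APDU_LEN = 253    # largest value the APDU length octet may carry
MIN_ASDU_LEN = 6      # type id, VSQ, COT (2), common address (2) in 104


@dataclass
class Apci:
    fmt: str                  # "I", "S" or "U"
    send_seq: Optional[int]   # I-format only
    recv_seq: Optional[int]   # I- and S-format
    asdu: bytes               # empty for S- and U-format


def validate_apdu(frame: bytes) -> Apci:
    """Parse one APDU and reject anything structurally inconsistent."""
    if len(frame) < 2:
        raise ValueError("frame too short for start byte and length octet")
    if frame[0] != START_BYTE:
        raise ValueError(f"bad start byte 0x{frame[0]:02x}")
    apdu_len = frame[1]
    if apdu_len < MIN_APDU_LEN or apdu_len > MAX_APDU_LEN:
        raise ValueError(f"APDU length {apdu_len} out of range")
    # The length octet must match the bytes actually present; trusting it
    # blindly is the classic way a parser reads past its receive buffer.
    if len(frame) != 2 + apdu_len:
        raise ValueError(f"length field {apdu_len} but {len(frame) - 2} bytes present")
    ctrl = frame[2:6]
    asdu = frame[6:]
    if (ctrl[0] & 0x01) == 0:                       # I-format: bit 0 of octet 1 clear
        if len(asdu) < MIN_ASDU_LEN:
            raise ValueError("I-format APDU with truncated or missing ASDU")
        if ctrl[2] & 0x01:
            raise ValueError("reserved bit set in receive sequence field")
        send_seq = ((ctrl[1] << 8) | ctrl[0]) >> 1
        recv_seq = ((ctrl[3] << 8) | ctrl[2]) >> 1
        return Apci("I", send_seq, recv_seq, asdu)
    if (ctrl[0] & 0x03) == 0x01:                    # S-format: bits 0..1 == 01
        if apdu_len != MIN_APDU_LEN:
            raise ValueError("S-format must have APDU length 4")
        if ctrl[0] != 0x01 or ctrl[1] != 0x00 or ctrl[2] & 0x01:
            raise ValueError("reserved bits set in S-format control field")
        recv_seq = ((ctrl[3] << 8) | ctrl[2]) >> 1
        return Apci("S", None, recv_seq, b"")
    # Remaining case, bits 0..1 == 11: U-format (STARTDT/STOPDT/TESTFR act or con)
    if apdu_len != MIN_APDU_LEN:
        raise ValueError("U-format must have APDU length 4")
    if ctrl[1:] != b"\x00\x00\x00":
        raise ValueError("non-zero octets after U-format function byte")
    func_bits = ctrl[0] & 0xFC
    if bin(func_bits).count("1") != 1:
        raise ValueError(f"U-format with invalid function bits 0x{func_bits:02x}")
    return Apci("U", None, None, b"")


def scan_frames(frames: List[bytes]) -> List[Tuple[str, str]]:
    """Classify captured frames; a monitor can alert on every 'reject' entry."""
    results = []
    for f in frames:
        try:
            a = validate_apdu(f)
            results.append((f.hex(), f"ok {a.fmt}-format"))
        except ValueError as err:
            results.append((f.hex(), f"reject: {err}"))
    return results


# Constructed sample frames (hex): three well-formed, four structurally broken.
SAMPLE_FRAMES = [
    bytes.fromhex("680407000000"),                        # U: STARTDT act
    bytes.fromhex("680401000200"),                        # S: ack, recv_seq 1
    bytes.fromhex("680e00000000" "01010300010001000001"),  # I: M_SP_NA_1, CA 1, IOA 1
    bytes.fromhex("68fe00000000"),                        # length octet 254 > 253
    bytes.fromhex("6810000000000101"),                    # claims 16 bytes, 6 present
    bytes.fromhex("68020700"),                            # length 2 < minimum 4
    bytes.fromhex("68040c000000"),                        # U with two function bits set
]

if __name__ == "__main__":
    for hexframe, verdict in scan_frames(SAMPLE_FRAMES):
        print(f"{hexframe:<36} {verdict}")
```

Running the block prints one verdict per sample frame; the three well-formed frames pass and the four broken ones are rejected with the reason, which is the kind of record a network monitor watching the BCI port can log or alert on.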

Responsible

Hitachi Energy

Reservation

06/28/2021

Disclosure

11/26/2021

Moderation

accepted

CPE

ready

EPSS

0.00920

KEV

no

Activities

very low

Sources
