CVE-2023-4518
Published 2023-12-01
Priority P3 · 41 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.70% (48.5th percentile)
A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, GOOSE receiving blocks need to be configured.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feathersjs | socketio | >= 0 < 4.5.18 | 4.5.18 |
| feathersjs | socketio | >= 5.0.0 < 5.0.8 | 5.0.8 |
| feathersjs | transport-commons | >= 0 < 4.5.18 | 4.5.18 |
| feathersjs | transport-commons | >= 5.0.0 < 5.0.8 | 5.0.8 |
| hitachi_energy | relion670 | — | — |
| hitachi_energy | relion670 | — | — |
| hitachi_energy | relion670 | — | — |
| hitachi_energy | relion670 | — | — |
| hitachi_energy | relion670 | — | — |
| hitachi_energy | relion670 | — | — |
| hitachienergy | relion_650_firmware | — | — |
| hitachienergy | relion_650_firmware | — | — |
| hitachienergy | relion_650_firmware | >= 2.2.4 < 2.2.4.4 | 2.2.4.4 |
| hitachienergy | relion_650_firmware | >= 2.2.5 < 2.2.5.6 | 2.2.5.6 |
| hitachienergy | relion_670_firmware | >= 2.2.0 < 2.2.2.6 | 2.2.2.6 |
| hitachienergy | relion_670_firmware | >= 2.2.3 < 2.2.3.7 | 2.2.3.7 |
| hitachienergy | relion_670_firmware | >= 2.2.4 < 2.2.4.4 | 2.2.4.4 |
| hitachienergy | relion_670_firmware | >= 2.2.5 < 2.2.5.6 | 2.2.5.6 |
| hitachienergy | relion_sam600-io_firmware | — | — |
| hitachienergy | relion_sam600-io_firmware | — | — |
| hitachienergy | relion_sam600-io_firmware | >= 2.2.5 < 2.2.5.6 | 2.2.5.6 |
GHSA
GHSA-g5c9-vc82-389p · ghsa_unreviewed · 2023-12-01
CVE-2023-4518 [MEDIUM] CWE-1284
GHSA
Feathers socket handler allows abusing implicit toString
ghsa·2023-07-20
CVE-2023-37899 [HIGH] CWE-754
### Impact
Feathers socket handler did not catch invalid string conversion errors like:
```ts
const message = `${{ toString: '' }}`
```
This caused the Node.js process to crash when an unexpected Socket.io message was sent, like:
```ts
socket.emit('find', { toString: '' })
```
### Patches
A fix has been released in
- `v5.0.8` via #3241
- `v4.5.18` via #3242
### Workarounds
Since it is in the core Socket handling code, upgrading to the latest version is necessary.
### References
- [v5.0.8 Changelog](https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19)
- [v4.5.18 Changelog](https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19)
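The failure mode described in this advisory, as an added example that is not Feathers code: a per-message handler that interpolates client data, next to a guarded version that contains the conversion error. The names `describeUnsafe`, `safeString`, `describeSafe` and `dispatch` are hypothetical, and the sample payloads are constructed.

```javascript
// Added illustration; the function names are hypothetical, not Feathers internals.

// Unguarded: interpolation implicitly calls payload.toString / valueOf.
// With { toString: '' } neither yields a primitive, so a TypeError is thrown.
function describeUnsafe(method, payload) {
  return `${method} called with ${payload}`;
}

// Guarded conversion for untrusted values: no implicit coercion, and any
// serialization failure (circular reference, BigInt, throwing toJSON) is contained.
function safeString(value) {
  if (typeof value === 'string') return value;
  try {
    const json = JSON.stringify(value);
    return json === undefined ? typeof value : json;
  } catch (err) {
    return '[unprintable value]';
  }
}

function describeSafe(method, payload) {
  return `${safeString(method)} called with ${safeString(payload)}`;
}

// Per-message boundary: a bad payload becomes an error result for that one
// client instead of an uncaught exception that takes the process down.
function dispatch(describe, method, payload) {
  try {
    return { ok: true, message: describe(method, payload) };
  } catch (err) {
    return { ok: false, error: err instanceof Error ? err.name : 'Error' };
  }
}

// Constructed sample payloads, including the one shown in the advisory.
const samples = [{ toString: '' }, { id: 1 }, 'plain', null];
for (const payload of samples) {
  console.log(dispatch(describeUnsafe, 'find', payload), dispatch(describeSafe, 'find', payload));
}
```

A boundary like `dispatch` only limits the damage for code you control; for the affected Feathers packages the advisory's fix remains the upgrade.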
CISA ICS
Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)
cisa_ics·2026-02-26·CVSS 6.5
CVE-2023-4518 [MEDIUM] Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)
ICS Advisory
## Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)
Last Revised: February 26, 2026
Alert Code: ICSA-25-133-02
## Summary
Hitachi Energy is aware of the vulnerability CVE-2023-4518 that affects the Relion 670/650/SAM600-IO series that are listed below. An attacker successfully exploiting this vulnerability could cause operational disruptions of the devices.
The following versions of Hitachi Energy Relion 670/650/SAM600-IO Series (Update C) are affected:
- Relion 670 vers:Relion_670/>=2.0.0.0|=2.2.2.0|=2.2.3.0|=2.1.0.0|=2.2.4.0|=2.2.1.0|=2.2.5.0|<2.2.5.6 (CVE-2023-4518, CVE-2023-4518)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.5 | Hitachi Ene
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.