CVE-2023-4518
published 2023-12-01

Priority: P341
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.70% (48.5th percentile)

A vulnerability exists in the input validation of GOOSE messages, where out-of-range values received and processed by the IED caused a reboot of the device. For an attacker to exploit the vulnerability, GOOSE receiving blocks need to be configured.

Affected

21 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feathersjs | socketio | >= 0 < 4.5.18 | 4.5.18 |
| feathersjs | socketio | >= 5.0.0 < 5.0.8 | 5.0.8 |
| feathersjs | transport-commons | >= 0 < 4.5.18 | 4.5.18 |
| feathersjs | transport-commons | >= 5.0.0 < 5.0.8 | 5.0.8 |
| hitachi_energy | relion670 | | |
| hitachi_energy | relion670 | | |
| hitachi_energy | relion670 | | |
| hitachi_energy | relion670 | | |
| hitachi_energy | relion670 | | |
| hitachi_energy | relion670 | | |
| hitachienergy | relion_650_firmware | | |
| hitachienergy | relion_650_firmware | | |
| hitachienergy | relion_650_firmware | >= 2.2.4 < 2.2.4.4 | 2.2.4.4 |
| hitachienergy | relion_650_firmware | >= 2.2.5 < 2.2.5.6 | 2.2.5.6 |
| hitachienergy | relion_670_firmware | >= 2.2.0 < 2.2.2.6 | 2.2.2.6 |
| hitachienergy | relion_670_firmware | >= 2.2.3 < 2.2.3.7 | 2.2.3.7 |
| hitachienergy | relion_670_firmware | >= 2.2.4 < 2.2.4.4 | 2.2.4.4 |
| hitachienergy | relion_670_firmware | >= 2.2.5 < 2.2.5.6 | 2.2.5.6 |
| hitachienergy | relion_sam600-io_firmware | | |
| hitachienergy | relion_sam600-io_firmware | | |
| hitachienergy | relion_sam600-io_firmware | >= 2.2.5 < 2.2.5.6 | 2.2.5.6 |