Denial of Service Vulnerability in RTU500 Web Server by Hitachi Energy
CVE-2024-10037
5.9 MEDIUM
What is CVE-2024-10037?
A vulnerability in the RTU500 web server component allows a potential denial of service condition targeting the RTU500 CMU application. It can be triggered only by a properly authenticated attacker, and only when the test mode function is enabled, by sending a specially crafted sequence of messages over a WebSocket connection. After a successful attack, the affected CMU can recover automatically, which reduces the impact of the exploit.
Affected Version(s)
RTU500 12.0.1 <= 12.0.14
RTU500 12.2.1 <= 12.2.12
RTU500 12.4.1 <= 12.4.11