RTU500 IEC 60870-4-104 Control Vulnerability in Hitachi Energy Products
CVE-2024-11499

6.9MEDIUM

Key Information:

Vendor
Hitachi
Status
Rtu500
Vendor
CVE Published:
25 March 2025

Summary

A vulnerability in the RTU500's IEC 60870-4-104 controlled station functionality allows an authenticated attacker to trigger a restart of the CMU. This can occur when certificates are updated on active connections, which may lead to unintentional disruptions in service. Although the CMU is designed to self-recover post-exploitation, ensuring the integrity of certificate management processes is crucial for maintaining operational security and reliability.

Affected Version(s)

RTU500 13.4.1 <= 13.4.4

RTU500 13.5.1 <= 13.5.3

RTU500 13.5.3

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.