RTU500 IEC 60870-4-104 Control Vulnerability in Hitachi Energy Products
CVE-2024-11499

6.9MEDIUM

Key Information:

Vendor: Hitachi
Status: Rtu500
Vendor: CVE Published:; 25 March 2025

What is CVE-2024-11499?

A vulnerability in the RTU500's IEC 60870-4-104 controlled station functionality allows an authenticated attacker to trigger a restart of the CMU. This can occur when certificates are updated on active connections, which may lead to unintentional disruptions in service. Although the CMU is designed to self-recover post-exploitation, ensuring the integrity of certificate management processes is crucial for maintaining operational security and reliability.

Affected Version(s)

RTU500 13.4.1 <= 13.4.4

RTU500 13.5.1 <= 13.5.3

RTU500 13.5.3

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Nov 20, 2024