CVE-2024-11499 MEDIUM

CVE-2024-11499

Vendor Hitachi Energy
Product RTU500
Weakness CWE-476
Published March 25, 2025
Last update March 25, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A

What the vulnerability does

01Description

A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

Key dates

02Disclosure timeline

March 25, 2025 CVE published
March 25, 2025 Record updated