CVE-2024-2617 HIGH

CVE-2024-2617

Vendor Hitachi Energy
Product RTU500 series CMU firmware
Published April 30, 2024
Last update March 4, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware.

Key dates

02Disclosure timeline

April 30, 2024 CVE published
March 4, 2026 Record updated