6.9
CVE-2024-11499
- EPSS 0.11%
- Veröffentlicht 25.03.2025 12:30:42
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cybersecurity@hitachienergy.co
- CVE-Watchlists
- Unerledigt
A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHitachi Energy
≫
Produkt
RTU500
Default Statusunaffected
Version <=
13.4.4
Version
13.4.1
Status
affected
Version <=
13.5.3
Version
13.5.1
Status
affected
Version
13.5.3
Status
affected
Version
13.6.1
Status
affected
Version
13.7.1
Status
affected
Version
13.5.4
Status
unaffected
Version
13.6.2
Status
unaffected
Version
13.7.6
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.293 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cybersecurity@hitachienergy.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X
|
| cybersecurity@hitachienergy.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.