6.9
CVE-2024-11499
- EPSS 0.04%
- Published 25.03.2025 12:30:42
- Last modified 27.03.2025 16:45:46
- Source cybersecurity@hitachienergy.co
- Teams watchlist Login
- Open Login
A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorHitachi Energy
≫
Product
RTU500
Default Statusunaffected
Version <=
13.4.4
Version
13.4.1
Status
affected
Version <=
13.5.3
Version
13.5.1
Status
affected
Version
13.5.3
Status
affected
Version
13.6.1
Status
affected
Version
13.7.1
Status
affected
Version
13.5.4
Status
unaffected
Version
13.6.2
Status
unaffected
Version
13.7.6
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.112 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cybersecurity@hitachienergy.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X
|
| cybersecurity@hitachienergy.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.