CVE-2024-10037

MEDIUM

Hitachi Energy RTU500 - Authenticated Denial of Service via WebSocket Message Sequence

Title source: llm

Description

A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

References (1)

Core 1

Core References

Various Sources

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true

Scores

CVSS v3 4.4

EPSS 0.0030

EPSS Percentile 21.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (11)

Hitachi Energy/RTU500 12.0.1 - 12.0.14

Hitachi Energy/RTU500 12.2.1 - 12.2.12

Hitachi Energy/RTU500 12.4.1 - 12.4.11

Hitachi Energy/RTU500 12.6.1 - 12.6.10

Hitachi Energy/RTU500 12.7.1 - 12.7.7

Hitachi Energy/RTU500 12.7.8

Hitachi Energy/RTU500 13.2.1 - 13.2.7

Hitachi Energy/RTU500 13.4.1 - 13.4.4

Hitachi Energy/RTU500 13.5.1 - 13.5.3

Hitachi Energy/RTU500 13.6.1

... and 1 more

Published Mar 25, 2025

Tracked Since Feb 18, 2026