CVE-2024-11499

MEDIUM

Hitachi Energy RTU500 Authenticated DoS via Certificate Update

Description

A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

Scores

CVSS v3 4.9
EPSS 0.0021
EPSS Percentile 11.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (8)
Hitachi Energy/RTU500 13.4.1 - 13.4.4
Hitachi Energy/RTU500 13.5.1 - 13.5.3
Hitachi Energy/RTU500 13.5.3
Hitachi Energy/RTU500 13.5.4
Hitachi Energy/RTU500 13.6.1
Hitachi Energy/RTU500 13.6.2
Hitachi Energy/RTU500 13.7.1
Hitachi Energy/RTU500 13.7.6
Published Mar 25, 2025
Tracked Since Feb 18, 2026