{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11499", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2024-11-20T13:16:55.872Z", "datePublished": "2025-03-25T12:30:42.034Z", "dateUpdated": "2025-03-25T13:11:58.573Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RTU500", "vendor": "Hitachi Energy", "versions": [{"lessThanOrEqual": "13.4.4", "status": "affected", "version": "13.4.1", "versionType": "custom"}, {"lessThanOrEqual": "13.5.3", "status": "affected", "version": "13.5.1", "versionType": "custom"}, {"status": "affected", "version": "13.5.3", "versionType": "custom"}, {"status": "affected", "version": "13.6.1", "versionType": "custom"}, {"status": "affected", "version": "13.7.1", "versionType": "custom"}, {"status": "unaffected", "version": "13.5.4", "versionType": "custom"}, {"status": "unaffected", "version": "13.6.2", "versionType": "custom"}, {"status": "unaffected", "version": "13.7.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.<br><br>The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. <br><br>"}], "value": "A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.\n\nThe affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2025-03-25T12:30:42.034Z"}, "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-25T13:11:51.667437Z", "id": "CVE-2024-11499", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:11:58.573Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-25T13:11:51.667437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:11:55.406Z"}}], "cna": {"source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi Energy", "product": "RTU500", "versions": [{"status": "affected", "version": "13.4.1", "versionType": "custom", "lessThanOrEqual": "13.4.4"}, {"status": "affected", "version": "13.5.1", "versionType": "custom", "lessThanOrEqual": "13.5.3"}, {"status": "affected", "version": "13.5.3", "versionType": "custom"}, {"status": "affected", "version": "13.6.1", "versionType": "custom"}, {"status": "affected", "version": "13.7.1", "versionType": "custom"}, {"status": "unaffected", "version": "13.5.4", "versionType": "custom"}, {"status": "unaffected", "version": "13.6.2", "versionType": "custom"}, {"status": "unaffected", "version": "13.7.6", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.\n\nThe affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.<br><br>The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. <br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2025-03-25T12:30:42.034Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11499", "state": "PUBLISHED", "dateUpdated": "2025-03-25T13:11:58.573Z", "dateReserved": "2024-11-20T13:16:55.872Z", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "datePublished": "2025-03-25T12:30:42.034Z", "assignerShortName": "Hitachi Energy"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.\n\nThe affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad en la funcionalidad de la estaci\u00f3n controlada RTU500 IEC 60870-4-104 que permite a un atacante autenticado y autorizado reiniciar la CMU. Esta vulnerabilidad puede activarse si los certificados se actualizan mientras se utilizan en conexiones activas. La CMU afectada se recuperar\u00e1 autom\u00e1ticamente si un atacante explota esta vulnerabilidad."}], "id": "CVE-2024-11499", "lastModified": "2025-03-27T16:45:46.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2025-03-25T13:15:39.890", "references": [{"source": "cybersecurity@hitachienergy.com", "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cybersecurity@hitachienergy.com", "type": "Primary"}]}

{}

{}