CVE-2024-11499

Name of the Vulnerable Software and Affected Versions RTU500 versions up to 13.4.4 RTU500 versions up to 13.5.3 RTU500 versions up to 13.6.1 RTU500 versions up to 13.7.1 RTU500 versions up to 13.7.5

Description A vulnerability exists in the RTU500 IEC 60870-4-104 controlled station functionality, allowing an authenticated and authorized attacker to perform a CMU restart. This can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

Recommendations For versions up to 13.4.4, update to a version later than 13.4.4 to resolve the issue. For versions up to 13.5.3, update to a version later than 13.5.3 to resolve the issue. For versions up to 13.6.1, update to a version later than 13.6.1 to resolve the issue. For versions up to 13.7.1, update to a version later than 13.7.1 to resolve the issue. For versions up to 13.7.5, update to a version later than 13.7.5 to resolve the issue. As a temporary workaround, consider restricting certificate updates while active connections are in use to minimize the risk of exploitation.