CVE-2024-12169

Name of the Vulnerable Software and Affected Versions RTU500 versions up to 13.4.4, 13.5.3, 13.6.1, 13.7.4, 13.7.5

Description A vulnerability exists in the RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality. This issue allows an attacker to restart the affected CMU by performing a specific attack sequence, but only if secure communication using IEC 62351-3 (TLS) is enabled.

Recommendations For RTU500 versions up to 13.4.4, update to a version later than 13.4.4 to resolve the issue. For RTU500 versions up to 13.5.3, update to a version later than 13.5.3 to resolve the issue. For RTU500 versions up to 13.6.1, update to a version later than 13.6.1 to resolve the issue. For RTU500 versions up to 13.7.4, update to a version later than 13.7.4 to resolve the issue. For RTU500 versions up to 13.7.5, update to a version later than 13.7.5 to resolve the issue. As a temporary workaround, consider disabling the secure communication using IEC 62351-3 (TLS) until a patch is available.