CVE-2024-12169

Summary

A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRTU50013.4.1 <= 13.4.4affected
Hitachi EnergyRTU50013.5.1 <= 13.5.3affected
Hitachi EnergyRTU50013.6.1affected
Hitachi EnergyRTU50013.7.1 <= 13.7.4affected
Hitachi EnergyRTU50013.7.6unaffected

Weaknesses

  • CWE:410 Insufficient Resource Pool

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References