CVE-2024-2617

Summary

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update,

if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRTU500 series CMU firmware13.2.1 <= 13.2.7affected
Hitachi EnergyRTU500 series CMU firmware13.4.1 <= 13.4.4affected
Hitachi EnergyRTU500 series CMU firmware13.5.1 <= 13.5.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References