CVE-2024-10037
Severity CVSS v4.0:
MEDIUM
Type:
CWE-476
NULL Pointer Dereference
Publication date:
25/03/2025
Last modified:
27/03/2025
Description
A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection.<br />
An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.<br />
<br />
The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
Impact
Base Score 4.0
5.90
Severity 4.0
MEDIUM
Base Score 3.x
4.40
Severity 3.x
MEDIUM