CVE-2024-10037

Severity CVSS v4.0:
MEDIUM
Type:
CWE-476 NULL Pointer Dereference
Publication date:
25/03/2025
Last modified:
27/03/2025

Description

A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection.<br /> An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.<br /> <br /> The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.