CVE-2024-11499

Severity CVSS v4.0:
MEDIUM
Type:
CWE-476 NULL Pointer Dereference
Publication date:
25/03/2025
Last modified:
27/03/2025

Description

A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.<br /> <br /> The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.