CVE-2024-11499
Severity CVSS v4.0:
MEDIUM
Type:
CWE-476
NULL Pointer Dereference
Publication date:
25/03/2025
Last modified:
27/03/2025
Description
A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.<br />
<br />
The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM
Base Score 3.x
4.90
Severity 3.x
MEDIUM