CVE-2024-2617

High

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature…

Hitachi Energy·CWE-358·Published 2024-04-30

CVSS

7.2

EPSS

0.01

KEV

Exploits

cve.orgen

306 chars

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware.

NVDen

306 chars

NVDes

258 chars

Existe una vulnerabilidad en el RTU500 que permite a los usuarios autenticados y autorizados omitir la actualización segura. Si un actor malintencionado aprovecha con éxito esta vulnerabilidad, podría usarla para actualizar el RTU500 con firmware sin firmar.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.2	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H