{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-2617","assignerOrgId":"e383dce4-0c27-4495-91c4-0db157728d17","state":"PUBLISHED","assignerShortName":"Hitachi Energy","dateReserved":"2024-03-18T17:44:43.352Z","datePublished":"2024-04-30T12:57:37.143Z","dateUpdated":"2026-03-04T12:02:50.897Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"RTU500 series CMU firmware","vendor":"Hitachi Energy","versions":[{"lessThanOrEqual":"13.2.7","status":"affected","version":"13.2.1","versionType":"custom"},{"lessThanOrEqual":"13.4.4","status":"affected","version":"13.4.1","versionType":"custom"},{"lessThanOrEqual":"13.5.3","status":"affected","version":"13.5.1","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, \n\nif secure update feature was not enabled on all\nCMUs of a RTU500. If a\nmalicious actor successfully exploits this vulnerability, they\ncould use it to update the RTU500 with unsigned firmware."}],"value":"A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, \n\nif secure update feature was not enabled on all\nCMUs of a RTU500. If a\nmalicious actor successfully exploits this vulnerability, they\ncould use it to update the RTU500 with unsigned firmware."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"e383dce4-0c27-4495-91c4-0db157728d17","shortName":"Hitachi Energy","dateUpdated":"2026-03-04T12:02:50.897Z"},"references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199&languageCode=en&Preview=true"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-2617","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-04-30T16:11:48.392692Z"}}}],"affected":[{"cpes":["cpe:2.3:o:hitachienergy:rtu500_firmware:13.2.1.0:*:*:*:*:*:*:*"],"vendor":"hitachienergy","product":"rtu500_firmware","versions":[{"status":"affected","version":"13.2.1.0","versionType":"custom","lessThanOrEqual":"13.2.7.0"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:hitachienergy:rtu500_firmware:13.4.1.0:*:*:*:*:*:*:*"],"vendor":"hitachienergy","product":"rtu500_firmware","versions":[{"status":"affected","version":"13.4.1.0","versionType":"custom","lessThanOrEqual":"13.4.4.0"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:hitachienergy:rtu500_firmware:13.5.1.0:*:*:*:*:*:*:*"],"vendor":"hitachienergy","product":"rtu500_firmware","versions":[{"status":"affected","version":"13.5.1.0","versionType":"custom","lessThanOrEqual":"13.5.3.0"}],"defaultStatus":"unknown"}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-358","description":"CWE-358 Improperly Implemented Security Check for Standard"}]}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:29:04.729Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:18:48.011Z"},"title":"CVE Program Container","references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199&languageCode=en&Preview=true","tags":["x_transferred"]}]}]}}