CVE-2024-10037
CVE-2024-10037
Título es
CVE-2024-10037
Mar, 25/03/2025 – 13:15
Tipo
CWE-476
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-10037
Descripción en
A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection.
An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.
An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.
The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
25/03/2025
25/03/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Gravedad 4.0
5.90
Gravedad 4.0 txt
MEDIUM
Gravedad 3.1 (CVSS 3.1 Base Score)
4.40
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
Enviar en el boletín
Off
