PatchSiren cyber security CVE debrief
CVE-2024-10037 Hitachi Energy CVE debrief
CVE-2024-10037 is an authenticated denial-of-service issue in Hitachi Energy RTU500 CMU Firmware. A specially crafted message sequence over a WebSocket connection can disrupt the RTU500 CMU application when RTU500 test mode is enabled. The impact is availability-only and the affected CMU is reported to auto-recover, but the flaw still warrants remediation in OT environments.
- Vendor
- Hitachi Energy
- Product
- CMU Firmware
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-25
- Original CVE updated
- 2025-09-09
- Advisory published
- 2025-03-25
- Advisory updated
- 2025-09-09
Who should care
OT/ICS operators and engineers running Hitachi Energy RTU500 CMU Firmware, especially sites that enable RTU500 test mode or allow administrative access to the web server/WebSocket interface. Plant security teams and maintenance staff responsible for firmware patching and outage planning should also prioritize this advisory.
Technical summary
CISA CSAF advisory ICSA-25-093-01 identifies CVE-2024-10037 in the RTU500 web server component used by Hitachi Energy RTU500 series CMU Firmware. The flaw can cause a denial of service to the RTU500 CMU application if an attacker sends a specially crafted message sequence on a WebSocket connection. The attacker must be properly authenticated and RTU500 test mode must be enabled. The advisory states the affected CMU automatically recovers after successful exploitation. The published CVSS vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (4.4).
Defensive priority
Medium: schedule remediation promptly, with higher urgency if test mode is enabled or the web server/WebSocket interface is reachable from broader administrative networks.
Recommended defensive actions
- Upgrade affected CMU Firmware to the vendor-fixed version for your branch: 12.x branches to 12.7.8, and later 13.x branches to the fixed versions listed in the latest advisory revision (13.5.4, 13.6.3, and 13.7.7 as 적용-
- If immediate upgrading is not possible, apply the vendor's general mitigation factors/workarounds from ICSA-25-093-01 and minimize use of RTU500 test mode.
- Restrict access to the RTU500 web server and WebSocket interface to trusted administrative networks and least-privilege maintenance accounts.
- Monitor for unexpected CMU application interruptions or restarts and verify operational recovery procedures, since exploitation is a temporary denial of service even though the CMU auto-recovers.
Evidence notes
Primary evidence comes from the CISA CSAF source item for ICSA-25-093-01 (published 2025-03-25, revised 2025-04-29 and 2025-09-09) and the linked Hitachi Energy advisory. The source lists affected CMU Firmware branches 12.0.1-12.0.14, 12.2.1-12.2.12, 12.4.1-12.4.11, 12.6.1-12.6.10, 12.7.1-12.7.7, 13.2.1-13.2.7, 13.4.1-13.4.4, 13.5.1-13.5.3, and 13.6.1. The CSAF revision history shows updated fixed-version guidance over time, including 12.7.8 and later 13.5.4, 13.6.3, and 13.7.7. The enrichment does not list the CVE in CISA KEV.
Official resources
-
CVE-2024-10037 CVE record
CVE.org
-
CVE-2024-10037 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA in CSAF advisory ICSA-25-093-01 on 2025-03-25 and updated on 2025-04-29 and 2025-09-09. The enrichment data does not mark this CVE as CISA KEV.