Rtu540 Firmware
Monthly
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. [CVSS 7.5 HIGH]
Improper access controls in RTU500 series firmware (RTU520, RTU530, RTU540, RTU560) expose sensitive user management data to unauthenticated attackers who leverage browser developer tools to bypass web interface restrictions. An attacker without privileges can read confidential user information that should require authentication, though the vulnerability requires direct access to development utilities rather than simple network requests. No patch is currently available for this medium-severity exposure.
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. [CVSS 7.5 HIGH]
Improper access controls in RTU500 series firmware (RTU520, RTU530, RTU540, RTU560) expose sensitive user management data to unauthenticated attackers who leverage browser developer tools to bypass web interface restrictions. An attacker without privileges can read confidential user information that should require authentication, though the vulnerability requires direct access to development utilities rather than simple network requests. No patch is currently available for this medium-severity exposure.
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.