You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2024-3596
About this tag
CVE-2024-3596 is a high-severity vulnerability in the RADIUS authentication protocol that allows forgery attacks when RADIUS Message-Authenticator protection is disabled. Discussions on WindowsForum.com cover its impact on industrial control systems, including Schneider Electric managed switches, Hitachi Energy XMC20 platforms, and Siemens SIPROTEC and SICAM products. The vulnerability carries a CVSS 3.1 score of 9.0 and affects devices used in critical infrastructure such as power grids, water utilities, and energy facilities. Mitigation involves enabling RADIUS Message-Authenticator verification and applying vendor updates. The tag also includes a separate thread on Microsoft CVE-2024-21302, a VBS vulnerability in Windows, but the primary focus remains on the RADIUS flaw.
Schneider Electric’s April 14, 2026 advisory, republished by CISA on June 9, warns that all versions of its Connexium, Modicon, and Modicon Redundancy managed switches can be exposed to CVE-2024-3596 if administrators disable RADIUS Message-Authenticator protection. The alert is not about a...
Hitachi Energy has confirmed that certain XMC20 multiservice communication platforms are exposed to a high‑severity RADIUS protocol forgery—tracked as CVE‑2024‑3596—when the devices are configured to use remote RADIUS authentication, and it is urging operators to enable RADIUS...
When critical infrastructure depends on the seamless operation of digital devices, security vulnerabilities in foundational industrial products can have far-reaching effects across sectors and national borders. Recent advisories concerning the Siemens SIPROTEC and SICAM product families have...
In an important update released just recently, Microsoft has addressed the critical Virtualization-Based Security (VBS) vulnerability dubbed CVE-2024-21302, a flaw that could potentially allow attackers to downgrade modern Windows operating systems without user awareness. This significant...
cve-2024-21302
cve-2024-3596
cybersecurity
data breach
event log
extended security updates
md5 hashing
microsoft
network security
patch
radius
virtualization
vulnerability
windows 10
windows 11
windows update