You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
radius security
About this tag
Discussions on WindowsForum.com about radius security focus on CVE-2024-3596, a high-severity vulnerability in the RADIUS authentication protocol that allows on-path attackers to forge RADIUS responses. The vulnerability affects industrial networking equipment from vendors like Schneider Electric and Hitachi Energy, including Connexium, Modicon, Modicon Redundancy switches, XMC20 platforms, and FOX61x devices. The primary mitigation is enabling RADIUS Message-Authenticator verification on both clients and servers, along with applying vendor firmware updates. These threads emphasize the importance of proper RADIUS configuration in industrial environments to prevent authentication bypass and unauthorized access.
Schneider Electric’s April 14, 2026 advisory, republished by CISA on June 9, warns that all versions of its Connexium, Modicon, and Modicon Redundancy managed switches can be exposed to CVE-2024-3596 if administrators disable RADIUS Message-Authenticator protection. The alert is not about a...
Hitachi Energy has confirmed that certain XMC20 multiservice communication platforms are exposed to a high‑severity RADIUS protocol forgery—tracked as CVE‑2024‑3596—when the devices are configured to use remote RADIUS authentication, and it is urging operators to enable RADIUS...
Hitachi Energy has confirmed that certain FOX61x devices are affected by a critical RADIUS protocol vulnerability (tracked as CVE‑2024‑3596) that allows an on‑path attacker to forge RADIUS responses by exploiting a chosen‑prefix collision attack against the MD5‑based Response Authenticator...