Perceptive Security
SOC/SIEM Consultancy
Hitachi Energy RTU500 Product
Published:
3 March 2026 at 12:00:00
Alert date:
3 March 2026 at 18:03:35
Source:
cisa.gov
Critical Infrastructure, Network Infrastructure
Multiple vulnerabilities affect Hitachi Energy RTU500 series CMU firmware across various versions (12.7.1-12.7.7, 13.5.1-13.5.4, 13.6.1-13.6.2, 13.7.1-13.7.7, 13.8.1). The vulnerabilities include information disclosure through web interface (CVE-2026-1772), denial of service via IEC 60870-5-104 protocol (CVE-2026-1773), stack overflow in libexpat XML parsing (CVE-2024-8176), and resource exhaustion in libexpat (CVE-2025-59375). Successful exploitation can result in exposure of user management information and device outage. The highest CVSS score is 7.5 (High). Firmware updates are available to address all vulnerabilities.
Technical details
Mitigation steps:
Affected products:
Hitachi Energy RTU500 Product
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-03
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-03.json
https://www.cve.org/CVERecord?id=CVE-2026-1772
https://www.cve.org/CVERecord?id=CVE-2026-1773
https://www.cve.org/CVERecord?id=CVE-2024-8176
https://www.cve.org/CVERecord?id=CVE-2025-59375
https://cwe.mitre.org/data/definitions/280.html
https://cwe.mitre.org/data/definitions/184.html
https://cwe.mitre.org/data/definitions/674.html
https://cwe.mitre.org/data/definitions/770.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://www.hitachienergy.com/contact-us/
https://www.cisa.gov/notification
https://www.cisa.gov/privacy-policy
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.