Perceptive Security
SOC/SIEM Consultancy
Hitachi Energy RTU500 Product
Published:
3 maart 2026 om 12:00:00
Alert date:
3 maart 2026 om 18:03:35
Source:
cisa.gov
Critical Infrastructure, Network Infrastructure
Multiple vulnerabilities affect Hitachi Energy RTU500 series CMU firmware across various versions (12.7.1-12.7.7, 13.5.1-13.5.4, 13.6.1-13.6.2, 13.7.1-13.7.7, 13.8.1). The vulnerabilities include information disclosure through web interface (CVE-2026-1772), denial of service via IEC 60870-5-104 protocol (CVE-2026-1773), stack overflow in libexpat XML parsing (CVE-2024-8176), and resource exhaustion in libexpat (CVE-2025-59375). Successful exploitation can result in exposure of user management information and device outage. The highest CVSS score is 7.5 (High). Firmware updates are available to address all vulnerabilities.
Technical details
Mitigation steps:
Affected products:
Hitachi Energy RTU500 Product
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-03
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-03.json
https://www.cve.org/CVERecord?id=CVE-2026-1772
https://www.cve.org/CVERecord?id=CVE-2026-1773
https://www.cve.org/CVERecord?id=CVE-2024-8176
https://www.cve.org/CVERecord?id=CVE-2025-59375
https://cwe.mitre.org/data/definitions/280.html
https://cwe.mitre.org/data/definitions/184.html
https://cwe.mitre.org/data/definitions/674.html
https://cwe.mitre.org/data/definitions/770.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://www.hitachienergy.com/contact-us/
https://www.cisa.gov/notification
https://www.cisa.gov/privacy-policy
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.