CVE-2026-1773

HIGH

Hitachi Energy RTU500 Series Firmware 12.7.1-12.7.6 - Denial of Service via Invalid U-format Frame

Title source: llm

Description

IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.

References (1)

Core 1

Core References

Various Sources

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 7.5

EPSS 0.0041

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-184

Status published

Products (13)

Hitachi Energy/RTU500 series CMU firmware 12.7.1 - 12.7.7

Hitachi Energy/RTU500 series CMU firmware 13.5.1 - 13.5.4

Hitachi Energy/RTU500 series CMU firmware 13.6.1 - 13.6.2

Hitachi Energy/RTU500 series CMU firmware 13.7.1 - 13.7.7

Hitachi Energy/RTU500 series CMU firmware 13.8.1

hitachienergy/rtu520_firmware 13.8.1

hitachienergy/rtu520_firmware 12.7.1 - 12.7.7

hitachienergy/rtu530_firmware 13.8.1

hitachienergy/rtu530_firmware 12.7.1 - 12.7.7

hitachienergy/rtu540_firmware 13.8.1

... and 3 more

Published Feb 24, 2026

Tracked Since Feb 24, 2026