VYPR

RTU500

by Hitachi

CVEs (12)

  • CVE-2026-1773HigFeb 24, 2026
    risk 0.49cvss 7.5epss 0.00

    IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the…

  • CVE-2025-1445HigMar 25, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as…

  • CVE-2022-2081HigJan 4, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the…

  • CVE-2022-28613HigMay 2, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500…

  • CVE-2024-2617HigApr 30, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the…

  • CVE-2026-8479MedMay 26, 2026
    risk 0.45cvss epss 0.00

    IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in…

  • CVE-2024-12169MedMar 25, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3…

  • CVE-2023-5767MedDec 4, 2023
    risk 0.39cvss 6.0epss 0.00

    A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized.

  • CVE-2022-3353MedFeb 21, 2023
    risk 0.38cvss 5.9epss 0.01

    A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.  An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting…

  • CVE-2023-5769MedDec 14, 2023
    risk 0.35cvss 5.4epss 0.00

    A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized.

  • CVE-2024-11499MedMar 25, 2025
    risk 0.32cvss 4.9epss 0.00

    A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU…

  • CVE-2024-10037MedMar 25, 2025
    risk 0.29cvss 4.4epss 0.00

    A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of…