Description
IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable to a NULL pointer dereference if a specially crafted sequence of messages is sent for a certain time, causing a Denial of Service. The product is only affected if IEC 60870-5-104 functionality in bidirectional mode (BCI) is configured.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference vulnerability exists in the IEC 60870‑5‑104 protocol when operating in bidirectional mode on Hitachi Energy RTU500 series CMU firmware. A specially crafted sequence of messages sent over time can trigger the null dereference, causing a denial of service. The flaw is classified as CWE‑476 and is only exploitable when bidirectional communication (BCI) is enabled; devices configured for unidirectional operation are not impacted.

Affected Systems

Hitachi Energy RTU500 series CMU firmware is affected when its IEC 60870‑5‑104 functionality is configured for bidirectional communication. Devices operating only in unidirectional mode are not impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity; the EPSS score is not available, so exploitation probability remains uncertain. The vulnerability is not listed in CISA’s KEV catalog. An attacker would need network access to the IEC 60870‑5‑104 interface to send the malicious message sequence, making the attack vector likely remote over the control network. Successful exploitation results in a denial of service that can interrupt critical control system operations.

Generated by OpenCVE AI on May 26, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Reconfigure the device to disable IEC 60870‑5‑104 bidirectional communication, or restrict its use to unidirectional mode.
  • Restrict access to the IEC 60870‑5‑104 interface through network segmentation, firewall rules, and fine‑grained access control to limit which hosts can initiate sessions.
  • Enable detailed logging of IEC 60870‑5‑104 traffic and monitor for anomalous message patterns that could indicate an attempted exploit.
  • Check with Hitachi Energy for any available firmware update addressing this issue and apply it when released.

Generated by OpenCVE AI on May 26, 2026 at 16:24 UTC.

Advisories

No advisories yet.

History

Wed, 27 May 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Hitachienergy; Hitachienergy rtu500 Firmware

Type: Vendors & Products
Values Added: Hitachienergy; Hitachienergy rtu500 Firmware

Tue, 26 May 2026 16:45:00 +0000

Type: Title
Values Added: Null Pointer Dereference in IEC 60870-5-104 Bidirectional Mode Leading to Denial of Service

Tue, 26 May 2026 15:45:00 +0000

Type: Description
Values Removed: IEC 60870-5-104 used in bidirectional mode is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode (BCI) is configured.
Values Added: IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode (BCI) is configured.

Tue, 26 May 2026 13:45:00 +0000

Type: Description
Values Added: IEC 60870-5-104 used in bidirectional mode is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode (BCI) is configured.

Type: Weaknesses
Values Added: CWE-476

Type: References

Type: Metrics
Values Added: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published:

Updated: 2026-05-26T14:49:40.036Z

Reserved: 2026-05-13T13:42:53.588Z

Link: CVE-2026-8479

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-26T14:16:41.247

Modified: 2026-05-26T20:03:50.687

Link: CVE-2026-8479

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T09:30:26Z

Weaknesses