CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1445
https://notcve.org/view.php?id=CVE-2025-1445
25 Mar 2025 — A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as client or server are configured using TLS on RTU500 device. It affects the CMU the IEC61850 stack is configured on. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true • CWE-820: Missing Synchronization •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-12169
https://notcve.org/view.php?id=CVE-2024-12169
25 Mar 2025 — A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11499
https://notcve.org/view.php?id=CVE-2024-11499
25 Mar 2025 — A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2024-10037
https://notcve.org/view.php?id=CVE-2024-10037
25 Mar 2025 — A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. A vulnerability exists in the RTU500 web server component that can cause a ... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2617
https://notcve.org/view.php?id=CVE-2024-2617
30 Apr 2024 — A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware. Existe una vulnerabilidad en el RTU500 que permite a los usuarios autenticados y autorizados omitir la actualización segura. Si un actor malintencionado aprovecha con éxito esta vulnerabilidad, podría usarla para actualizar el RTU500 con firmware sin firmar. A vulnerabilit... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199&languageCode=en&Preview=true • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-1532
https://notcve.org/view.php?id=CVE-2024-1532
27 Mar 2024 — A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. Existe una vulnerabilidad en el manejo de archivos en lenguaje stb que afecta a las versiones de productos de la serie RTU500 que se enumeran a continuación. Un actor malintencionado podría obligar a que los textos de diagnóstico se muestren... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-1531
https://notcve.org/view.php?id=CVE-2024-1531
27 Mar 2024 — A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file. Existe una vulnerabilidad en el manejo de archivos en lenguaje stb que afecta a las versiones de productos de la serie RTU500 que se enumeran a continuación. Un actor malintencionado podría imprimir contenido de memoria aleatorio en el registro d... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true • CWE-434: Unrestricted Upload of File with Dangerous Type •