CVE-2026-8479

Summary

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode (BCI) is configured.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRTU500 series CMU firmware12.7.1 <= 12.7.7affected
Hitachi EnergyRTU500 series CMU firmware13.5.1 <= 13.5.4affected
Hitachi EnergyRTU500 series CMU firmware13.6.1 <= 13.6.3affected
Hitachi EnergyRTU500 series CMU firmware13.7.1 <= 13.7.8affected
Hitachi EnergyRTU500 series CMU firmware13.8.1affected

Weaknesses

  • CWE-476: CWE-476 NULL pointer dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References