IEC 61850 Client and Server Functionality Vulnerability in RTU500 Devices by Hitachi Energy
CVE-2025-1445

8.7HIGH

Key Information:

Vendor: Hitachi
Status: Rtu500
Vendor: CVE Published:; 25 March 2025

Summary

A vulnerability in the RTU500 series lies within the IEC 61850 client and server functionality, specifically affecting devices configured for TLS communication. This flaw can impact availability under certain timing conditions during the renegotiation of an active IEC 61850 TLS connection, posing a risk to uninterrupted operational communication. The vulnerability is relevant for both client and server configurations in IEC 61850 environments.

Affected Version(s)

RTU500 13.7.1 <= 13.7.4

RTU500 13.7.6

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Feb 18, 2025