Denial of Service Vulnerability in Hitachi Energy IEC 60870-5-104 Protocol
CVE-2026-1773

8.7HIGH

Key Information:

Vendor: Hitachi
Status: Rtu500 Series Cmu Firmware
Vendor: CVE Published:; 24 February 2026

What is CVE-2026-1773?

The vulnerability presents a potential Denial of Service threat due to the reception of invalid U-format frames within the IEC 60870-5-104 protocol. This issue arises only when bi-directional functionality is enabled, which can lead to disruption in communication. While implementing secure communication as per IEC 62351-3 can help mitigate the risk, it does not fully remediate the underlying vulnerability, highlighting the need for focused attention and proactive risk management strategies.

Affected Version(s)

RTU500 series CMU firmware 12.7.1 <= 12.7.7

RTU500 series CMU firmware 13.5.1 <= 13.5.4

RTU500 series CMU firmware 13.6.1 <= 13.6.2

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
Feb 2, 2026

CVE-2026-1773 Data

JSON