CVE-2026-8479

Published: May 26, 2026

Modified: May 26, 2026

PUBLISHED

Description

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode (BCI) is configured.

Vendor	Product	Versions
Hitachi Energy	RTU500 series CMU firmware	affected `12.7.1 - <= 12.7.7` affected `13.5.1 - <= 13.5.4` affected `13.6.1 - <= 13.6.3` affected `13.7.1 - <= 13.7.8` affected `13.8.1`

Weaknesses (CWE)

CWE-476

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000252&LanguageCode=en&DocumentPartId=&Action=Launch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-8479

Description

Affected Products

Weaknesses (CWE)

References