Hitachi Energy IEC 60870-5-104 Denial-of-Service Vulnerability via Invalid U-Format Frames

Vulnerability

A denial-of-service vulnerability has been identified in Hitachi Energy products that implement the IEC 60870-5-104 protocol, specifically when bi-directional functionality is enabled. The issue arises from the reception of invalid U-format frames, which can disrupt normal operations. While enabling secure communication according to IEC 62351-3 does not fix the vulnerability, it can reduce the risk of exploitation.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Added: Feb 24, 2026, 3:02 PM

Updated: Feb 24, 2026, 11:04 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

8.3

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

8.3

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hitachi Energy IEC 60870-5-104 Denial-of-Service Vulnerability via Invalid U-Format Frames

Vulnerability

Impact

Affected Products

IEC 60870-5-104

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating