Hitachi Energy RTU500 NULL Pointer Dereference Vulnerability in IEC 60870-5-104 Bidirectional Mode

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Hitachi Energy RTU500 series, specifically within the IEC 60870-5-104 protocol when used in bidirectional mode. This vulnerability can be exploited by sending a specially crafted sequence of messages over a period of time, leading to a denial-of-service condition. The issue arises only if the IEC 60870-5-104 functionality in bidirectional mode (BCI) is configured.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, leading to a loss of availability of the affected functionality.

Added: May 26, 2026, 5:04 PM

Updated: May 26, 2026, 5:04 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

6.3

remediation

8.3

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

6.3

remediation

8.3

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hitachi Energy RTU500 NULL Pointer Dereference Vulnerability in IEC 60870-5-104 Bidirectional Mode

Vulnerability

Impact

Affected Products

Hitachi Energy RTU500

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating