Hitachi Energy’s RTU500 Series is facing critical vulnerabilities including Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, and Classic Buffer Overflow. Exploiting these flaws remotely could lead to device crashes or denial-of-service situations. The vulnerabilities were reported by Hitachi Energy and are identified by CVE numbers. Successful exploitation of these vulnerabilities could crash the accessed device, causing significant disruptions.
Attackers could exploit these weaknesses to compromise systems, emphasizing the urgent need for mitigation. Affected RTU500 Series versions range from 12.0.1 to 13.4.1. Hitachi Energy plans updates, advising users to implement general security measures, including network protections, restricted internet access, and cautious use of external devices.
The company has outlined firewall configurations, physical security practices, and scanning protocols to safeguard control systems. CISA emphasizes proactive cybersecurity strategies and encourages reporting any suspicious activities. At present, there are no reported public exploits targeting these vulnerabilities.
Reference:
