Hitachi Energy RTU500 Series

1. SUMMARY Hitachi Energy is aware of the vulnerabilities, CVE-2024-10037, CVE-2024-11499, CVE-2024-12169, and CVE-2025-1445 in the RTU500 Web server component, the IEC 60870-5-104 controlled station implementation and IEC 61850 implementation, that affects the RTU500 versions that are listed below. An attacker successfully exploiting these vulnerabilities could trigger a restart of a RTU500 CMU. Please refer to the Recom-mended Immediate Actions for information about the available mitigation/remediation strategies. 2. SUPPORT For additional information and support please contact your product provider or Hitachi Energy service organ-ization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers. 3. GENERAL MITIGATION FACTORS Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a…Read More