Hitachi Energy RTU500 Series (Update B)

Plan PatchCVSS 8.7ICS-CERT ICSA-25-093-01Apr 3, 2025

Hitachi EnergyEnergy

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityHigh

User InteractionNone needed

Summary

Hitachi Energy RTU500 series CMU firmware contains multiple denial-of-service vulnerabilities (CWE-476, CWE-410, CWE-820) affecting firmware versions 12.0.1 through 13.7.4. Successful exploitation could cause the RTU to become unresponsive, disrupting remote terminal unit operations in the power grid.

What this means

What could happen

An attacker with network access to an RTU500 unit could trigger a denial-of-service condition that stops the device from responding, interrupting energy distribution monitoring and control until the unit recovers or is manually restarted.

Who's at risk

Energy utilities operating Hitachi Energy RTU500 series devices for power distribution monitoring and control. Remote Terminal Units (RTUs) are critical for collecting field data and executing remote switching commands in substations and generation facilities.

How it could be exploited

An attacker with network connectivity to the RTU500 CMU could send a specially crafted request to trigger a null pointer dereference or resource exhaustion condition, causing the device to hang or crash and stop processing control messages.

Prerequisites

Network access to the RTU500 CMU device
Device running vulnerable firmware version (12.0.1-13.7.4)
No authentication required based on advisory context

remotely exploitableno authentication requiredlow complexityaffects critical control systemsdenial-of-service impact on grid operations

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

RTU500 series CMU Firmware≥ 12.0.1, ≤ 12.0.14≥ 12.2.1, ≤ 12.2.12≥ 12.4.1, ≤ 12.4.11 and 7 more12.7.8

Remediation & Mitigation

0/6

Do now

0/1

WORKAROUNDRestrict network access to RTU500 CMU devices using firewall rules; only allow traffic from authorized engineering workstations and SCADA servers

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RTU500 CMU firmware versions 12.0.1–12.7.7 to version 12.7.8

HOTFIXUpdate RTU500 CMU firmware versions 13.2.1–13.7.4 to version 13.7.7

HOTFIXUpdate RTU500 CMU firmware version 13.5.1–13.5.3 to version 13.5.4

HOTFIXUpdate RTU500 CMU firmware version 13.6.1 to version 13.6.3

Long-term hardening

0/1

HARDENINGIsolate RTU500 devices on a dedicated process control network segment with firewall protection from untrusted networks

CVEs (4)

CVE-2024-10037 CVE-2024-11499 CVE-2024-12169 CVE-2025-1445

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cd0a8615-01e6-4beb-9d6e-0d88b247211b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.