Hitachi Energy RTU500 Infinite Loop (CVE-2026-32777)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-8479)

IEC 60870-5-104 used in bidirectional mode is vulnerable to a NULL pointer dereference; if a specially crafted sequence of messages is sent for a certain time, this causes Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is configured...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-24515)

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2025-69421)

Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex function does not check whether...

Hitachi Energy RTU500 Integer Overflow or Wraparound (CVE-2026-25210)

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation, primarily causing Denial of Service and potentially confidentiality and integrity impact to the product. Product is only...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-32778)

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-32776)

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

Hitachi Energy HiDraw 安全漏洞

Hitachi Energy HiDraw is a power transformer design software developed by Hitachi Corporation in Japan. Hitachi Energy HiDraw contains a security vulnerability caused by a heap buffer overflow. This vulnerability could allow malicious users with local access to cause memory corruption and potenti...

Hitachi Energy RTU500 安全漏洞

Hitachi Energy RTU500 is a series of industrial control components developed by Hitachi, Ltd. Hitachi Energy RTU500 contains a security vulnerability; this vulnerability stems from a null pointer dereferencing when using the IEC 60870-5-104 standard in bidirectional mode, which may lead to...

Hitachi Energy RTU500

SUMMARY Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate...

Hitachi Energy ITT600 Explorer

SUMMARY Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service DoS attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600...

Hitachi Energy PCM600

SUMMARY Hitachi Energy is aware of a vulnerability that affects the Hitachi Energy PCM600 product versions listed in this document. An attacker successfully exploiting this vulnerability can impact integrity of the product. Please refer to the Recommended Immediate Actions for information about...

Hitachi Energy RTU500 Product Allocation of Resources Without Limits or Throttling (CVE-2025-59375)

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. Product is only affected if IEC61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

Hitachi Energy RTU500 Product Uncontrolled Recursion (CVE-2024-8176)

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

Hitachi Energy RTU500 安全漏洞

Hitachi Energy RTU500 is a series of industrial control components developed by Hitachi, Ltd. There is a security vulnerability in Hitachi Energy RTU500, where non-privileged users can access user management information, potentially leading to data leakage...

Hitachi Energy RTU500 安全漏洞

Hitachi Energy RTU500 is a series of industrial control components developed by Hitachi, Ltd. The Hitachi Energy RTU500 contains a security vulnerability; this vulnerability arises from the possibility of denial-of-service attacks due to the reception of invalid U-format frames...

Hitachi Energy Relion REB500 安全漏洞

Hitachi Energy Relion REB500 is a distributed busbar protection system developed by Hitachi Energy. There is a security vulnerability in Hitachi Energy Relion REB500. This vulnerability stems from the ability of authenticated users with the Installer role to access and modify content in...

Hitachi Energy Relion REB500 Product

SUMMARY Hitachi Energy is aware of vulnerabilities that affect the Relion REB500 product versions listed in this document. Authenticated users with certain roles can exploit the vulnerabilities to access and modify the directory contents they are not authorized to do so. Please refer to the...

Hitachi Energy RTU500 Product

SUMMARY Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate...

CVE-2025-7740 Use of default credentials vulnerability in Hitachi Energy SuprOS product

Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment...