CVE-2026-1773
Modified Modified - Updated After Analysis
Denial of Service via Invalid U-Frame in IEC

Publication date: 2026-02-24

Last updated on: 2026-05-26

Assigner: Hitachi Energy

Description
IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1773
EUVD
EUVD-2026-8462
Affected Vendors & Products
Showing 20 associated CPEs
Vendor Product Version / Range
hitachienergy rtu540_firmware From 12.7.1 (inc) to 12.7.7 (inc)
hitachienergy rtu540_firmware From 13.5.1 (inc) to 13.5.4 (inc)
hitachienergy rtu540_firmware From 13.6.1 (inc) to 13.6.2 (inc)
hitachienergy rtu540_firmware 13.8.1
hitachienergy rtu540_firmware From 13.7.1 (inc) to 13.7.8 (exc)
hitachienergy rtu560_firmware From 12.7.1 (inc) to 12.7.7 (inc)
hitachienergy rtu560_firmware From 13.5.1 (inc) to 13.5.4 (inc)
hitachienergy rtu560_firmware From 13.6.1 (inc) to 13.6.2 (inc)
hitachienergy rtu560_firmware 13.8.1
hitachienergy rtu560_firmware From 13.7.1 (inc) to 13.7.8 (exc)
hitachienergy rtu520_firmware From 12.7.1 (inc) to 12.7.7 (inc)
hitachienergy rtu520_firmware From 13.5.1 (inc) to 13.5.4 (inc)
hitachienergy rtu520_firmware From 13.6.1 (inc) to 13.6.2 (inc)
hitachienergy rtu520_firmware 13.8.1
hitachienergy rtu520_firmware From 13.7.1 (inc) to 13.7.8 (exc)
hitachienergy rtu530_firmware From 12.7.1 (inc) to 12.7.7 (inc)
hitachienergy rtu530_firmware From 13.5.1 (inc) to 13.5.4 (inc)
hitachienergy rtu530_firmware From 13.6.1 (inc) to 13.6.2 (inc)
hitachienergy rtu530_firmware 13.8.1
hitachienergy rtu530_firmware From 13.7.1 (inc) to 13.7.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability relates to the IEC 60870-5-104 protocol and involves a potential Denial of Service (DoS) impact caused by the reception of invalid U-format frames.

The product is only affected if the IEC 60870-5-104 bi-directional functionality is configured.

Even enabling secure communication according to IEC 62351-3 does not fix the vulnerability but can reduce the risk of it being exploited.

Impact Analysis

The vulnerability can lead to a Denial of Service condition, which means that the affected system could become unavailable or unresponsive when it receives invalid U-format frames.

This impact is significant as it can disrupt communication and operations relying on the IEC 60870-5-104 protocol, especially if bi-directional functionality is enabled.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The vulnerability affects IEC 60870-5-104 when bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not fully remediate the vulnerability but helps mitigate the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1773. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart