CVE-2026-8479_CVE-2026-8479

6.9 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

IEC 60870-5-104 used in bidirectional mode is vulnerable
for a NULL pointer dereferencing, if a specially crafted
sequence of messages is sent for a certain time, causing
Denial of Service impact.
Product is only affected if IEC 60870-5-104 functionality in
bidirectional mode (BCI) is configured.

Basic Information

ID CVE-2026-8479

Source Hitachi Energy

Published May 26, 2026 at 11:54

Affected Product

Vendor Hitachi Energy

Product RTU500 series CMU firmware

Version 12.7.1

Affected Versions Hitachi Energy RTU500 series CMU firmware 12.7.1
Hitachi Energy RTU500 series CMU firmware 13.5.1
Hitachi Energy RTU500 series CMU firmware 13.6.1
Hitachi Energy RTU500 series CMU firmware 13.7.1
Hitachi Energy RTU500 series CMU firmware 13.8.1

CWE Classification

CWE-476

References

publisher.hitachienergy.com /preview

{
    "lastseen": "",
    "description": "IEC 60870-5-104 used in bidirectional mode is vulnerable\nfor a NULL pointer dereferencing, if a specially crafted\nsequence of messages is sent for a certain time, causing\nDenial of Service impact.\nProduct is only affected if IEC 60870-5-104 functionality in\nbidirectional mode (BCI) is configured.",
    "published": "2026-05-26T11:54:09.962Z",
    "modified": "2026-05-26T11:54:09.962Z",
    "type": "cve",
    "title": "CVE-2026-8479",
    "source": "Hitachi Energy",
    "references": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000252&LanguageCode=en&DocumentPartId=&Action=Launch",
    "id": "CVE-2026-8479",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "Hitachi Energy RTU500 series CMU firmware 12.7.1\nHitachi Energy RTU500 series CMU firmware 13.5.1\nHitachi Energy RTU500 series CMU firmware 13.6.1\nHitachi Energy RTU500 series CMU firmware 13.7.1\nHitachi Energy RTU500 series CMU firmware 13.8.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RTU500 series CMU firmware",
    "version": "12.7.1",
    "vendor": "Hitachi Energy",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}