CVE-2026-1773
Published: 24 February 2026
Summary
CVE-2026-1773 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Hitachi Energy RTU540 firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 32.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-1773 is a vulnerability in the IEC 60870-5-104 protocol that can cause a denial of service upon reception of an invalid U-format frame. It affects Hitachi Energy products only if IEC 60870-5-104 bi-directional functionality is configured. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-184.
A remote network-based attacker requires no privileges or user interaction to exploit this vulnerability by sending an invalid U-format frame, potentially disrupting service availability on affected products.
The Hitachi Energy advisory (https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch) notes that enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8462
Vulnerability details
IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Remote unauthenticated network exploit of protocol implementation flaw directly enables T1190 (public-facing application) and T1499.004 (application exploitation for endpoint DoS).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of protocol frames (U-format) so that malformed input cannot trigger DoS.
Mandates protection mechanisms against network DoS attacks that exploit invalid IEC 60870-5-104 frames.
Requires transmission integrity controls (as provided by IEC 62351-3) that block unauthenticated attackers from sending malicious frames.
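The frame validation the first control calls for, sketched as an added example (not code from this page or from the Hitachi Energy advisory): it accepts only the six U-format functions that IEC 60870-5-104 defines, an allowlist rather than the list of disallowed inputs that CWE-184 describes, and rejects every other U-format APDU. The function names and sample bytes are constructed for illustration; the page does not say which invalid frame triggers the fault.

```python
START = 0x68  # APCI start octet
# The six U-format functions IEC 60870-5-104 defines, keyed by control octet 1.
U_FUNCTIONS = {
    0x07: "STARTDT act", 0x0B: "STARTDT con",
    0x13: "STOPDT act", 0x23: "STOPDT con",
    0x43: "TESTFR act", 0x83: "TESTFR con",
}

def check_u_frame(apdu: bytes):
    """Return (ok, detail) for one APDU that claims to be U-format."""
    if len(apdu) < 6:
        return False, "truncated APCI"
    if apdu[0] != START:
        return False, "bad start octet"
    if apdu[1] != 4 or len(apdu) != 6:
        return False, "U-format APDU must be APCI only (length 4)"
    c1, c2, c3, c4 = apdu[2:6]
    if c1 & 0x03 != 0x03:
        return False, "not a U-format control field"
    if c1 not in U_FUNCTIONS:  # allowlist: anything undefined is rejected
        return False, "undefined or combined U function bits"
    if (c2, c3, c4) != (0, 0, 0):
        return False, "non-zero reserved control octets"
    return True, U_FUNCTIONS[c1]

def scan(stream: bytes):
    """Split a byte stream into APDUs; return (offset, ok, detail) per U-frame."""
    out, i = [], 0
    while i + 2 <= len(stream):
        length = stream[i + 1]
        if stream[i] != START or not 4 <= length <= 253:
            out.append((i, False, "bad start octet or length"))
            break  # framing is lost; a real endpoint would drop the connection
        apdu = stream[i:i + 2 + length]
        if len(apdu) > 2 and apdu[2] & 0x03 == 0x03:
            out.append((i, *check_u_frame(apdu)))
        i += 2 + length
    return out

# Constructed sample: TESTFR act, an S-format frame, then a U-frame that sets
# two function bits at once (not one of the six defined values).
SAMPLE = bytes.fromhex("680443000000" "680401000200" "680447000000")
```

Run on the receive path before the protocol state machine, or offline over reassembled port 2404 payloads, the rejected entries mark frames worth dropping and logging.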