Cyber Resilience

CVE-2026-1773

High

Published: 24 February 2026

Modified: 26 May 2026
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0041 (32.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-1773 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Hitachi Energy RTU540 firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 32.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-1773 is a vulnerability in the handling of the IEC 60870-5-104 protocol that can cause a denial of service upon reception of an invalid U-format frame. It affects Hitachi Energy products only if IEC 60870-5-104 bi-directional functionality is configured. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-184.

A remote, network-based attacker needs no privileges and no user interaction: sending an invalid U-format frame can disrupt service availability on affected products.

The Hitachi Energy advisory (https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch) notes that enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.

Vulnerability details

IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A remote, unauthenticated network exploit of a protocol implementation flaw directly enables T1190 (public-facing application) and T1499.004 (application exploitation for endpoint DoS).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2459 (same vendor: Hitachi Energy)
CVE-2025-48732 (shared CWE-184)
CVE-2026-2460 (same vendor: Hitachi Energy)
CVE-2026-43532 (shared CWE-184)
CVE-2026-43566 (shared CWE-184)
CVE-2026-28363 (shared CWE-184)
CVE-2026-48557 (shared CWE-184)
CVE-2026-34415 (shared CWE-184)
CVE-2026-42590 (shared CWE-184)
CVE-2026-32017 (shared CWE-184)

Affected Assets

hitachienergy rtu540 firmware: 13.8.1 · 12.7.1 to 12.7.7 · 13.5.1 to 13.5.4 · 13.6.1 to 13.6.2
hitachienergy rtu560 firmware: 13.8.1 · 12.7.1 to 12.7.7 · 13.5.1 to 13.5.4 · 13.6.1 to 13.6.2
hitachienergy rtu520 firmware: 13.8.1 · 12.7.1 to 12.7.7 · 13.5.1 to 13.5.4 · 13.6.1 to 13.6.2
hitachienergy rtu530 firmware: 13.8.1 · 12.7.1 to 12.7.7 · 13.5.1 to 13.5.4 · 13.6.1 to 13.6.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires validation of protocol frames (U-format) so that malformed input cannot trigger DoS.

Prevent: Mandates protection mechanisms against network DoS attacks that exploit invalid IEC 60870-5-104 frames.

Prevent: Requires transmission integrity controls (as provided by IEC 62351-3) that block unauthenticated attackers from sending malicious frames.
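
One way to apply the frame-validation control on the monitoring side, as an added example that is not from Hitachi Energy or from this page: a strict allow-list check for IEC 60870-5-104 U-format frames seen on a network tap or protocol gateway. The function names and the sample payload are constructed for illustration, and because the page does not say which malformation triggers the fault, the check flags every deviation from the six U-format functions the standard defines.

```python
"""Added example: allow-list check for IEC 60870-5-104 U-format frames."""

START = 0x68  # APCI start octet
# The only six control-octet values the standard defines for U-format.
U_FUNCTIONS = {
    0x07: "STARTDT act", 0x0B: "STARTDT con",
    0x13: "STOPDT act", 0x23: "STOPDT con",
    0x43: "TESTFR act", 0x83: "TESTFR con",
}

def check_apdu(apdu: bytes) -> str:
    """Classify one APDU: 'not-u', 'ok: <function>' or 'invalid: <reason>'."""
    if len(apdu) < 6 or apdu[0] != START:
        return "invalid: no complete APCI header"
    if apdu[2] & 0x03 != 0x03:          # low bits 11 mark U-format
        return "not-u"
    if apdu[1] != 4 or len(apdu) != 6:  # U-frames carry no ASDU
        return "invalid: U-format length must be 4"
    if apdu[2] not in U_FUNCTIONS:      # allow-list, not a deny-list
        return f"invalid: control octet 0x{apdu[2]:02x} is not a defined function"
    if apdu[3:6] != b"\x00\x00\x00":
        return "invalid: control octets 2-4 must be zero"
    return "ok: " + U_FUNCTIONS[apdu[2]]

def scan_stream(stream: bytes) -> list[str]:
    """Split a reassembled TCP payload into APDUs and classify each one."""
    results, pos = [], 0
    while pos < len(stream):
        if stream[pos] != START or pos + 2 > len(stream):
            results.append(f"invalid: truncated or lost framing at offset {pos}")
            break
        end = pos + 2 + stream[pos + 1]  # start octet + length octet + body
        results.append(check_apdu(stream[pos:end]))
        pos = end
    return results

# Constructed sample payload (not captured traffic).
SAMPLE = bytes.fromhex(
    "680407000000"  # U-format, STARTDT act
    "680401000200"  # S-format, outside the scope of this check
    "68040f000000"  # U-format with an undefined control octet
)

if __name__ == "__main__":
    for verdict in scan_stream(SAMPLE):
        print(verdict)
```

Any `invalid:` verdict on a link to an RTU with bi-directional IEC 60870-5-104 configured is worth alerting on, whether or not the frame reaches the device.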
