ICSA-25-259-02  ·  Published 2025-09-16

Hitachi Energy RTU500 series

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices.

Remediations

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • (CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Update to CMU Firmware version 12.7.8 when available
  • (CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.5.1 – 13.5.3: Update to CMU Firmware version 13.5.4
  • (CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1: Update to CMU Firmware version 13.6.3
  • (CVE-2023-2953) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Follow general mitigation factors/workarounds.
  • (CVE-2023-2953, CVE-2025-39203) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 13.5.1 – 13.5.3, RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
  • (CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
  • For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
  • (CVE-2025-39203) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Follow general mitigation factors/workarounds.
  • (CVE-2025-39203) RTU500 series CMU Firmware version 13.4.1 – 13.4.4, RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
  • (CVE-2025-39203) RTU500 series CMU Firmware version 13.4.1 – 13.4.4: Follow general mitigation factors/workarounds.
  • (CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
  • (CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 12.7.1 – 12.7.7, RTU500 series CMU Firmware version 13.5.1 – 13.5.3, RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.

Affected Vendors

Hitachi Energy

Affected Products (5)

Hitachi Energy · Hitachi Energy RTU500 series 13.6.1
Hitachi Energy · Hitachi Energy RTU500 series >=12.7.1|<=12.7.7
Hitachi Energy · Hitachi Energy RTU500 series >=13.4.1|<=13.4.4
Hitachi Energy · Hitachi Energy RTU500 series >=13.5.1|<=13.5.3
Hitachi Energy · Hitachi Energy RTU500 series >=13.7.1|<=13.7.6

Affected Sectors

Energy
