CVE-2026-1773

7.5 HIGH

📋 TL;DR

This vulnerability affects IEC 60870-5-104 implementations when bi-directional functionality is configured. Attackers can send specially crafted invalid U-format frames to cause denial of service conditions. Only systems with IEC 60870-5-104 bi-directional communication enabled are vulnerable.

💻 Affected Systems

Products:
  • Hitachi Energy products implementing IEC 60870-5-104
Versions: All versions with IEC 60870-5-104 bi-directional functionality
Operating Systems: Not specified - protocol implementation dependent
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when IEC 60870-5-104 bi-directional functionality is explicitly configured and enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of IEC 60870-5-104 communication services, potentially affecting industrial control system operations and grid stability.

🟠 Likely Case

Temporary service interruption requiring manual intervention to restore communication between control center and field devices.

🟢 If Mitigated

Limited impact with proper network segmentation and IEC 62351-3 secure communication, though the vulnerability remains present.

🌐 Internet-Facing: LOW - Industrial control protocols like IEC 60870-5-104 should never be directly exposed to the internet.
🏢 Internal Only: MEDIUM - Requires attacker to have network access to vulnerable systems, but industrial networks often have limited security controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed U-format frames to the vulnerable endpoint, which is straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch

Restart Required: No

Instructions:

No official patch available. Follow vendor advisory and implement workarounds.

🔧 Temporary Workarounds

Disable IEC 60870-5-104 bi-directional functionality

all

If bi-directional communication is not required, disable this feature to eliminate the vulnerability.

Configuration specific - consult product documentation

Implement IEC 62351-3 secure communication

all

While not a remediation, IEC 62351-3 provides authentication and encryption that mitigates exploitation risk.

Configuration specific - consult IEC 62351-3 implementation guide

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate IEC 60870-5-104 traffic
  • Deploy network monitoring and intrusion detection for abnormal IEC 60870-5-104 traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check if IEC 60870-5-104 bi-directional functionality is enabled in product configuration

Check Version:

Product-specific - consult vendor documentation

Verify Fix Applied:

Verify IEC 60870-5-104 bi-directional functionality is disabled or IEC 62351-3 is properly implemented

📡 Detection & Monitoring

Log Indicators:

  • Unexpected connection resets
  • Protocol parsing errors
  • Service restart events

Network Indicators:

  • Malformed U-format frames in IEC 60870-5-104 traffic
  • Abnormal traffic patterns to IEC 60870-5-104 ports

SIEM Query:

source_port:2404 AND (protocol_anomaly:true OR (frame_type:U AND malformed:true))
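
The "malformed U-format frames" network indicator can be checked passively against the APCI layout defined by IEC 60870-5-104. The following Python is an added example, not vendor or advisory code: the function names and sample bytes are constructed, and the rules are the standard's generic U-format rules, not the specific trigger for this CVE, which this page does not describe.

```python
START = 0x68  # APCI start octet
# Valid U-format control octet 1 values per IEC 60870-5-104 (one function bit, low bits 11)
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}
# Constructed sample payload: two conformant U-frames, then three non-conformant ones
SAMPLE = bytes.fromhex("680407000000" "680443000000" "6804ff000000"
                       "680607000000aabb" "680413000100")

def check_apdu(apdu):
    """Return (format, problems) for one APDU beginning at its start octet."""
    if len(apdu) < 6 or apdu[0] != START:
        return "?", ["incomplete APCI: need 0x68, length and 4 control octets"]
    length, c1 = apdu[1], apdu[2]
    problems = []
    if length != len(apdu) - 2:
        problems.append(f"length octet {length} != {len(apdu) - 2} octets present")
    if c1 & 0x01 == 0:
        return "I", problems          # I-format: bit 0 of control octet 1 is 0
    if c1 & 0x03 == 0x01:
        return "S", problems          # S-format: low bits are 01
    if length != 4:                   # U-format carries no ASDU
        problems.append("U-format APDU length must be exactly 4")
    if c1 not in U_FUNCTIONS:
        problems.append(f"control octet 1 0x{c1:02X} is not a single U function")
    if any(apdu[3:6]):
        problems.append("control octets 2-4 must be zero in U-format")
    return "U", problems

def scan_stream(payload):
    """Walk a reassembled TCP payload; yield (offset, format, problems) per APDU."""
    off = 0
    while off < len(payload):
        if payload[off] != START or off + 2 > len(payload):
            yield off, "?", ["lost framing: expected start octet 0x68"]
            return
        end = off + 2 + payload[off + 1]
        yield (off, *check_apdu(payload[off:end]))
        off = end

def malformed_u_frames(payload):
    """Offsets and reasons for every non-conformant U-format frame in the payload."""
    return [(o, p) for o, fmt, p in scan_stream(payload) if fmt == "U" and p]

if __name__ == "__main__":
    for offset, reasons in malformed_u_frames(SAMPLE):
        print(f"offset {offset}: {'; '.join(reasons)}")
```

Feed it payloads reassembled from a span port or capture on the IEC 104 link; hits map to the `frame_type:U AND malformed:true` condition in the query above.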
