CVE-2025-1445

Name of the Vulnerable Software and Affected Versions Hitachi Energy RTU500 versions up to 13.7.4/13.7.5

Description A vulnerability exists in the RTU IEC 61850 client and server functionality that could impact availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. The precondition for this issue is that IEC61850 is configured using TLS on the RTU500 device, and it affects the CMU where the IEC61850 stack is configured.

Recommendations For versions up to 13.7.4/13.7.5, consider disabling the TLS renegotiation feature in the IEC61850 client and server functionality as a temporary workaround until a patch is available. Restrict access to the IEC61850 communication when it is active to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.