CVE-2026-8479

Name of the Vulnerable Software and Affected Versions RTU500 (affected versions not specified)

Description RTU500 is susceptible to a NULL pointer dereferencing when IEC 60870-5-104 functionality is configured in bidirectional mode (BCI). A specially crafted sequence of messages sent over a specific duration can trigger this condition, resulting in a Denial of Service (DoS), which is a state where the system becomes unavailable to its intended users.

Recommendations As a temporary workaround, restrict or disable the use of IEC 60870-5-104 functionality in bidirectional mode (BCI). At the moment, there is no information about a newer version that contains a fix for this vulnerability.