CVE-2026-24515
Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.
The following versions of Hitachi Energy RTU500 are affected:
- RTU500 series CMU Firmware vers:RTU500_series_CMU_Firmware/>=12.7.1|=13.5.1|=13.6.1|=13.7.1|=13.7.1|
- CVSS: v3 7.8
- Vendor: Hitachi Energy
- Equipment: Hitachi Energy RTU500
- Vulnerabilities: NULL Pointer Dereference, Integer Overflow or Wraparound, Loop with Unreachable Exit Condition ('Infinite Loop')
Background
- Critical Infrastructure Sectors: Dams, Energy, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
EPSS 0.01% · 0.6th percentile
Risk Scores
Exploit Intelligence
- USN-8023-1.json (github-poc)
- dockerscan.yml (github-poc)
…and 20 more exploits
Timeline
- Jan 23, 2026 EPSS Score
- Jan 23, 2026 CVE Published
- Jan 26, 2026 EPSS Score
- Jan 28, 2026 EPSS Score
- Jan 31, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-04 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-155-04.json advisory
- https://www.cve.org/CVERecord?id=CVE-2025-69421 technical
- https://cwe.mitre.org/data/definitions/476.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2026-24515 technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L technical
- https://www.cve.org/CVERecord?id=CVE-2026-25210 technical
- https://cwe.mitre.org/data/definitions/190.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2026-32776 technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2026-32777 technical
- https://cwe.mitre.org/data/definitions/835.html technical
- https://www.cve.org/CVERecord?id=CVE-2026-32778 technical
- https://www.cve.org/CVERecord?id=CVE-2026-8479 technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H technical
- https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N technical