How serious is CVE-2026-1773?

This vulnerability has a CVSS score of 8.7 out of 10, classified as HIGH severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-1773?

Yes, proof-of-concept exploit code for CVE-2026-1773 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-1773?

CVE-2026-1773 affects hitachienergy rtu540 firmware. Check the full CVE details for specific version information.

How do I fix CVE-2026-1773?

To remediate CVE-2026-1773, check for security patches from hitachienergy. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-1773

High

|8.7

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to cause a Denial of Service, making the system unresponsive, by sending invalid data frames if the device is set up for bi-directional communication using the IEC 60870-5-104 protocol. Even though enabling secure communication can reduce the risk, it does not completely fix the issue.

Technical Description

IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$4,579($1K-$5K)

Vendor Response

Grade APatched in 3 days

Quick Information

Published

Feb 24, 2026

about 1 month ago

Last Modified

Feb 27, 2026

about 1 month ago

Vendor

hitachienergy

Product

rtu540 firmware

Related Vulnerabilities

CVE-2026-2460High

An attacker with low-level access can exploit a vulnerability in the REB500 firmware to change files and directories they shouldn't be able to modify. This requires the attacker to already have authenticated access to the system, making it a serious risk if such users are compromised.

CVE-2026-2459High

This vulnerability allows an attacker with an Installer role to access and change files in directories they shouldn't be able to, potentially compromising the system's integrity. However, the attacker must already be authenticated as a user with the Installer role to exploit this weakness.

CVE-2026-1772Medium

An attacker can access sensitive user management information from the RTU500 device, even without proper permissions, by using tools like browser development utilities. This information is not directly available through the device's web interface, so the attacker needs to know how to use these additional tools to exploit the vulnerability.

CVE-2023-5769Medium

An attacker could inject malicious scripts into the web interface of the RTU500 series devices, potentially allowing them to steal sensitive information or perform actions on behalf of legitimate users. This vulnerability occurs because the device does not properly filter user input, making it easier for attackers to exploit it if they can access the webserver.