CVE-2025-1445

EPSS 0.06%
Published 25.03.2025 12:38:56
Last modified 27.03.2025 16:45:46
Source cybersecurity@hitachienergy.co
Teams watchlist Login
Open Login

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active.

Precondition is that IEC61850 as client or server are configured using TLS on RTU500 device. It affects the CMU the IEC61850 stack is configured on.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorHitachi Energy

≫

Product RTU500

Default Statusunaffected

Version <= 13.7.4

Version 13.7.1

Status affected

Version 13.7.6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.182

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cybersecurity@hitachienergy.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X
cybersecurity@hitachienergy.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-820 Missing Synchronization

The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true

https://nvd.nist.gov/vuln/detail/CVE-2025-1445

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1445

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1445

EUVD