CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1445: A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS...

8.7 CVSS

Description

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active.

Precondition is that IEC61850 as client or server are configured using TLS on RTU500 device. It affects the CMU the IEC61850 stack is configured on.

Classification

CVE ID: CVE-2025-1445

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A

Problem Types

CWE-820: Missing Synchronization

Affected Products

Vendor: Hitachi Energy

Product: RTU500

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 13.54% (scored less or equal to compared to others)

EPSS Date: 2025-04-23 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1445
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true

Timeline

2025-03-25 13:40:10 UTC
CVE

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS...