PatchSiren cyber security CVE debrief
CVE-2024-12169 Hitachi Energy CVE debrief
CVE-2024-12169 is an availability-focused vulnerability in Hitachi Energy RTU500 CMU firmware. When IEC 62351-3 secure communication (TLS) is enabled, a specific attack sequence against IEC 60870-5-104 controlled station or IEC 61850 functionality can restart the affected CMU.
- Vendor
- Hitachi Energy
- Product
- CMU Firmware
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-25
- Original CVE updated
- 2025-09-09
- Advisory published
- 2025-03-25
- Advisory updated
- 2025-09-09
Who should care
OT/ICS operators, control engineers, and patch managers using Hitachi Energy RTU500 series CMU Firmware, especially deployments with IEC 62351-3 (TLS) enabled and IEC 60870-5-104 or IEC 61850 in use.
Technical summary
CISA’s CSAF advisory ICSA-25-093-01 maps CVE-2024-12169 to RTU500 series CMU Firmware versions 13.4.1–13.4.4, 13.5.1–13.5.3, 13.6.1, and 13.7.1–13.7.4. The issue is network-reachable with low attack complexity and low privileges per CVSS 3.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), and the described effect is a CMU restart rather than data compromise. The advisory was revised on 2025-09-09 with updated fixed versions 13.5.4, 13.6.3, and 13.7.7.
Defensive priority
High for affected OT deployments where IEC 62351-3 TLS is enabled; otherwise lower priority because the advisory states the issue only applies when TLS-secured communication is in use.
Recommended defensive actions
- Upgrade affected RTU500 series CMU firmware to the vendor-fixed version identified in the latest advisory update: 13.7.7, or the corresponding fixed release for your branch (13.5.4 or 13.6.3).
- If you cannot patch immediately, apply the vendor’s general mitigation factors/workarounds from the Hitachi Energy advisory and CISA CSAF notice.
- Confirm whether IEC 62351-3 (TLS) is enabled on affected communications, since the vulnerability only applies in that configuration.
- Restrict network access to CMUs to authorized control and maintenance systems using segmentation and allow-listing consistent with ICS defense-in-depth guidance.
- Monitor for unexpected CMU restarts or service interruptions and validate recovery procedures for affected stations.
- Track the CISA advisory and vendor bulletin for any further remediation updates before maintenance windows are scheduled.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-093-01, its revision history, and the referenced Hitachi Energy advisory. The supplied corpus states the vulnerability affects RTU500 controlled station and IEC 61850 functionality only when IEC 62351-3 TLS is enabled, and it lists the affected firmware ranges and remediation updates. No KEV entry is present in the supplied data.
Official resources
-
CVE-2024-12169 CVE record
CVE.org
-
CVE-2024-12169 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE-2024-12169 was published on 2025-03-25 and the source advisory was modified on 2025-09-09. The supplied corpus shows revision updates to remediation guidance over time, including the latest fixed versions 13.5.4, 13.6.3, and 13.7.7.