PatchSiren cyber security CVE debrief
CVE-2025-1445 Hitachi Energy CVE debrief
CVE-2025-1445 is a high-severity availability issue in Hitachi Energy RTU500 CMU Firmware when IEC 61850 is configured to use TLS and an open connection renegotiates during active communication. The advisory ties impact to specific timing conditions and to the CMU hosting the IEC 61850 stack. Hitachi Energy and CISA recommend upgrading to the fixed firmware and applying the advisory’s general mitigation factors until remediation is complete.
- Vendor: Hitachi Energy
- Product: CMU Firmware
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-25
- Original CVE updated: 2025-09-09
- Advisory published: 2025-03-25
- Advisory updated: 2025-09-09
Who should care
Operators, integrators, and asset owners using Hitachi Energy RTU500 CMUs with IEC 61850 client or server functionality configured over TLS—especially in utility and other ICS environments where availability is critical.
Technical summary
The advisory describes a timing-dependent availability fault in RTU IEC 61850 client/server functionality. If an established IEC 61850 TLS connection renegotiates while IEC 61850 communication is active, the affected CMU can lose availability. The CSAF lists RTU500 series CMU Firmware 13.7.1–13.7.4 as affected, and the vendor fix is CMU Firmware 13.7.7. CISA’s revision history also shows later remediation updates that added fixed versions 13.5.4 and 13.6.3.
Defensive priority
High for affected RTU500 CMUs using IEC 61850 over TLS; treat as most urgent where the device is production-critical or externally reachable, and lower the priority only where TLS is not used or the firmware is outside the affected version range.
Recommended defensive actions
- Identify RTU500 CMUs running firmware 13.7.1–13.7.4 and confirm whether IEC 61850 client or server is configured with TLS.
- Upgrade to the vendor-fixed firmware version 13.7.7, or to the advisory’s later fixed versions referenced in the revision history where applicable.
- Apply the advisory’s general mitigation factors/workarounds until the upgrade can be completed.
- Validate the remediation in a maintenance window and confirm IEC 61850 availability after the update.
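The first two actions above are an inventory question: which RTU500 CMUs sit in the affected firmware range, and which of those actually have IEC 61850 configured over TLS. The script below is an added example (not Hitachi Energy, CISA or PatchSiren code) that applies the version range and fixed versions stated on this page to a constructed asset list. The `Asset` record layout, its field names, the priority bucket names and the sample inventory are all assumptions made for illustration; adapt them to your own CMDB or RTU500 export.

```python
"""Inventory triage for CVE-2025-1445 (added example; not vendor, CISA or
PatchSiren code). The Asset layout, bucket names and SAMPLE_INVENTORY below
are constructed for illustration."""
from dataclasses import dataclass

# Versions as summarised from ICSA-25-093-01 on this page: the affected range
# is inclusive; 13.5.4 and 13.6.3 were added as fixed versions in later revisions.
AFFECTED_RANGE = ((13, 7, 1), (13, 7, 4))
FIXED_VERSIONS = {(13, 7, 7), (13, 5, 4), (13, 6, 3)}


@dataclass
class Asset:
    name: str
    product: str               # free-text product label, e.g. "RTU500 CMU"
    firmware: str              # CMU firmware, e.g. "13.7.2"
    iec61850_tls: bool         # IEC 61850 client/server configured over TLS
    production_critical: bool
    externally_reachable: bool


def parse_version(text: str) -> tuple:
    """Turn 'major.minor.patch' into a tuple of ints so comparisons are numeric.
    A lexical string compare would wrongly rank '13.7.10' below '13.7.4'."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def version_status(firmware: str) -> str:
    """'fixed', 'affected', or 'unlisted' (outside the evidence stored on this
    page; check the current advisory revision for that firmware branch)."""
    version = parse_version(firmware)
    if version in FIXED_VERSIONS:
        return "fixed"
    if AFFECTED_RANGE[0] <= version <= AFFECTED_RANGE[1]:
        return "affected"
    return "unlisted"


def triage(asset: Asset) -> str:
    """Priority bucket following the page's 'Defensive priority' guidance."""
    if "RTU500" not in asset.product.upper():
        return "not-applicable"
    status = version_status(asset.firmware)
    if status == "fixed":
        return "remediated"
    if status == "unlisted":
        return "verify"
    if not asset.iec61850_tls:
        return "lower"            # affected build, but the TLS precondition is absent
    if asset.production_critical or asset.externally_reachable:
        return "high-expedite"
    return "high"


def triage_inventory(assets) -> dict:
    """Return {asset name: bucket} for a whole inventory."""
    return {a.name: triage(a) for a in assets}


# Constructed sample inventory (not real site data).
SAMPLE_INVENTORY = [
    Asset("rtu-sub-a", "RTU500 CMU", "13.7.2", True, True, False),
    Asset("rtu-sub-b", "RTU500 CMU", "13.7.4", True, False, False),
    Asset("rtu-sub-c", "RTU500 CMU", "13.7.3", False, True, False),
    Asset("rtu-sub-d", "RTU500 CMU", "13.7.7", True, True, True),
    Asset("rtu-sub-e", "RTU500 CMU", "13.6.1", True, True, False),
    Asset("gw-01", "Protocol gateway", "2.4.0", True, True, True),
]

if __name__ == "__main__":
    for name, bucket in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{name:12} {bucket}")
```

The `verify` bucket exists on purpose: a 13.6.x or 13.5.x build is not in the affected range this page records, but the revision history added fixed versions on those branches, so such devices should be checked against the current advisory rather than silently marked safe.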
Evidence notes
The supplied CSAF advisory (ICSA-25-093-01) published on 2025-03-25 and modified on 2025-09-09 states that the issue affects RTU IEC 61850 client and server functionality when TLS is used on RTU500 devices and renegotiation occurs during active communication. The advisory’s affected product list names RTU500 series CMU Firmware 13.7.1–13.7.4, and the remediation section lists 13.7.7 as the vendor fix. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-exploitable availability impact only. CISA’s revision history also records remediation updates on 2025-04-29 and 2025-09-09.
Official resources
- CVE-2025-1445 CVE record (CVE.org)
- CVE-2025-1445 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in CISA ICS Advisory ICSA-25-093-01 on 2025-03-25. The advisory was updated on 2025-04-29 and 2025-09-09 to refine remediation guidance; those are advisory revision dates, not separate CVE issue dates.