Hitachi Energy has disclosed multiple vulnerabilities in RTU500 series devices affecting firmware versions 12.7.1 through 13.8.1. The flaws involve null pointer dereference and integer overflow issues that could cause denial of service. Affected organizations should update to firmware version 13.8.2 or 13.7.9 to remediate the issues.

Why it matters in Western Canada: RTU500 devices are deployed in critical infrastructure including energy systems and water utilities across Canada. Western Canadian energy operators and water authorities managing these systems face potential availability disruptions if exploitation occurs.

CVEs: CVE-2025-69421, CVE-2026-24515, CVE-2026-25210, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8479

---

Summary generated from the original advisory. Read the full source: cisa-advisories