All news with #xml entity expansion tag

Hitachi Energy RTU500 Series: Multiple DoS Vulnerabilities

⚠️ Hitachi Energy reported multiple vulnerabilities in the RTU500 series including null pointer dereference, XML parser flaws, heap and stack buffer overflows, integer overflow, and IEC 61850 message validation errors. Several CVEs have been assigned (e.g., CVE-2023-2953, CVE-2024-45490–45492, CVE-2024-28757, CVE-2025-39203, CVE-2025-6021) and the highest CVSS v4 score is 8.2. Exploitation could cause Denial-of-Service conditions such as device reboots or disconnects. Hitachi Energy provides firmware updates for affected 12.7.x–13.7.x releases and CISA recommends patching, minimizing network exposure, applying segmentation, and using secure remote access.