## CVEs for utility / grid control layer

| CVE | Product / Vendor | Protocol or component | Issue summary |
|---|---|---|---|
| | Hitachi Energy MicroSCADA X SYS600 | IEC 61850-8 (IED / remote system) | Crafted IEC 61850-8 message causes a denial of service (“disconnection loop”). |
| | Hitachi Energy (RTU500 device) | IEC 61850 with TLS | TLS renegotiation timing issue can lead to availability loss while IEC 61850 communication is active. |
| | Hitachi Energy / ABB AC 800PEC suite | IEC 61850 MMS server stack | Crafted message sequence can stop the MMS server from accepting new client connections (affects availability). |
| | CG Automation ePAQ-9410 Substation Gateway | DNP3 | Remote attacker can send a crafted TCP packet that triggers a denial of service (infinite loop or process crash). |
| | Same gateway / product | DNP3 (serial / input over serial line) | Physically proximate attacker can cause a denial of service via crafted inputs over the serial line. |
## Patterns

- Even modern SCADA / IEC 61850 stacks are vulnerable to availability attacks (denial of service), which are serious in substation control contexts where loss of an IED or gateway link means loss of visibility and control.
- Use of TLS / secure channels does not by itself guarantee availability or safety: certificate validation, handshake/renegotiation logic, and message parsing remain weak spots.
- Older devices (gateways, RTUs) are especially risky, particularly when they expose DNP3-based drivers or services without hardened input validation.
- Patching is essential, but so are network segmentation, access control, and monitoring traffic for malformed messages or anomalous TLS renegotiation patterns.
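As an added example (not code from the original page or from any of the vendors listed), here is a DNP3 link-layer frame checker in Python that a monitoring sensor could run over the bytes of a DNP3/TCP stream to flag malformed frames of the kind the DNP3 rows above describe, rather than letting them reach a fragile gateway parser: it verifies the 0x0564 start bytes, the LEN field, and the CRC-16/DNP over the header and each 16-byte data block. The frame layout and CRC parameters follow the IEEE 1815 link layer; the frames it is exercised with are constructed with `build_frame` (an assumed helper), not captured traffic.

```python
import struct

START = b"\x05\x64"
POLY_REFLECTED = 0xA6BC  # CRC-16/DNP polynomial 0x3D65, bit-reflected for LSB-first processing

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected, init 0, final XOR 0xFFFF (check value for b'123456789' is 0xEA82)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY_REFLECTED if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF

def build_frame(ctrl: int, dest: int, src: int, user_data: bytes) -> bytes:
    """Assemble a well-formed link frame (constructed sample data, not captured traffic)."""
    header = START + bytes([5 + len(user_data), ctrl]) + struct.pack("<HH", dest, src)
    frame = header + struct.pack("<H", crc16_dnp(header))  # CRCs are sent low byte first
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        frame += block + struct.pack("<H", crc16_dnp(block))
    return frame

def check_frame(frame: bytes) -> list[str]:
    """Return the link-layer anomalies found; an empty list means the frame is well-formed."""
    findings = []
    if len(frame) < 10 or frame[:2] != START:
        return ["missing 0x0564 start bytes or frame shorter than the 10-byte header"]
    length = frame[2]
    if length < 5:
        findings.append(f"LEN={length} is below the 5-byte minimum (CTRL+DEST+SRC)")
    if struct.unpack("<H", frame[8:10])[0] != crc16_dnp(frame[:8]):
        findings.append("header CRC mismatch")
    user_len = max(length - 5, 0)          # LEN counts CTRL, DEST, SRC and user data, not CRCs
    blocks = (user_len + 15) // 16         # each (partial) 16-byte block carries its own CRC
    expected_total = 10 + user_len + 2 * blocks
    if len(frame) != expected_total:
        findings.append(f"frame is {len(frame)} bytes, LEN implies {expected_total}")
        return findings
    pos = 10
    for _ in range(blocks):
        size = min(16, user_len)
        block, got = frame[pos:pos + size], frame[pos + size:pos + size + 2]
        if struct.unpack("<H", got)[0] != crc16_dnp(block):
            findings.append(f"data block CRC mismatch at offset {pos}")
        pos += size + 2
        user_len -= size
    return findings
```

A sensor would feed each frame delimited from the TCP stream to `check_frame` and alert on any non-empty result, with the findings giving the analyst the reason the frame was rejected.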