Closed · Low impact · AI Generated

Hitachi Energy RTU500 ICS Firmware Multiple Vulnerabilities Disclosed

Occurred 26 May 2026 · Detected 4 Jun 2026 · Global deployment; Hitachi Energy headquartered in Switzerland · 1 report · Ended 4 Jun 2026
Cyber · Energy

CISA has republished a Hitachi Energy advisory disclosing seven CVEs affecting CMU firmware for the RTU500 series, a remote terminal unit deployed globally in the energy, water, and dam critical infrastructure sectors. The vulnerabilities primarily enable Denial of Service via NULL pointer dereference, integer overflow, and infinite loop conditions, with one CVE also carrying potential confidentiality and integrity impact. No active exploitation is reported, and vendor firmware patches are available.

AI-generated from linked source reports.

Impact verdict

Low impact. No active exploitation is confirmed and no named insured asset, operational disruption, or loss estimate is reported. Patches are available from the vendor. While RTU500 devices are deployed in energy and water critical infrastructure globally, this advisory alone — absent evidence of exploitation causing operational downtime or a confirmed cyber claim — does not meet the threshold for a London Market loss pathway under the hard gate criteria.


How we grade what we know: Known · Reported · Uncertain.

Intelligence ledger


Known (6 lines)

Seven CVEs disclosed affecting RTU500 CMU firmware versions 12.7.1–13.8.1
CVSS scores range from 2.5 (LOW) to 7.8 (HIGH); primary impacts are Denial of Service
Affected critical infrastructure sectors: Dams, Energy, Water and Wastewater
Deployed worldwide; vendor headquartered in Switzerland
Vendor patches available: firmware 13.8.2 and 13.7.9 (pending)
No active exploitation reported; SSVC exploitation status listed as 'None'

Reported (2 lines)

CVE-2026-25210 carries potential confidentiality and integrity impact in addition to DoS
Vulnerabilities triggered only under specific configuration conditions (IEC 61850, IEC 60870-5-104 BCI, or PKI client)

Uncertain (3 lines)

Number of deployed RTU500 units in production environments globally
Whether any insured critical infrastructure operators have unpatched exposure
Whether exploitation in the wild has occurred but not yet reported

Timeline

Status Change · 6 Jun 2026, 23:30

Lifecycle changed

monitoring → closed

Closure · 6 Jun 2026, 23:30

Event Closed

auto_closed_monitoring_timeout

Status Change · 4 Jun 2026, 23:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active → monitoring

Initial Detection · 4 Jun 2026, 16:34


Critical Infrastructure Sectors: Dams, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide... If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity.

Source: CISA Advisories (Official Advisory)

Status Change · 4 Jun 2026, 16:34

Status changed to active

evidence_trigger: authoritative_fast_track

signal → active
