Protective relays single-packet DoS flaw (CVE-2015-5374)
Vulnerability
Summary
Hide ▲
Show ▼
A CVE-2015-5374 flaw in protective relays leaves some PAC devices exposed to single-packet denial-of-service, because many deployments are still unpatched. That creates ongoing availability risk for energy OT systems that rely on these relays for protection and control. Fixes have existed since 2015, but the exposure persists in current environments.
Related Happenings
Recurring OT security gaps across energy OT networks
Target Trend
First: 29.01.2026 13:55
Last: 29.01.2026 13:55
Sources 1
How related:
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide.
About this happening:
A study by **OMICRON** found recurring **cybersecurity gaps** across **OT networks** in **substations, power plants, and control centers**, exposing critical energy infrastructure...
Recurring OT security gaps across energy OT networks
Target TrendHow related: A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide.
About this happening: A study by **OMICRON** found recurring **cybersecurity gaps** across **OT networks** in **substations, power plants, and control centers**, exposing critical energy infrastructure...
HPE OneView RondoDox exploitation wave (CVE-2025-37164)
Exploitation Wave
First: 16.01.2026 11:15
Last: 16.01.2026 11:15
Sources 1
About this happening:
**RondoDox** has driven a **large-scale exploitation wave** against **HPE OneView** by targeting **CVE-2025-37164**, with activity escalating into **automated attacks** that creat...
HPE OneView RondoDox exploitation wave (CVE-2025-37164)
Exploitation WaveAbout this happening: **RondoDox** has driven a **large-scale exploitation wave** against **HPE OneView** by targeting **CVE-2025-37164**, with activity escalating into **automated attacks** that creat...
Cisco IOS XE BADCANDY exploitation wave (CVE-2023-20198)
Exploitation Wave
First: 01.11.2025 15:43
Last: 01.11.2025 15:43
Sources 1
About this happening:
A sustained **BADCANDY** exploitation wave is targeting **unpatched Cisco IOS XE devices** in **Australia**, with repeated compromise linked to **CVE-2023-20198**. ASD estimated u...
Cisco IOS XE BADCANDY exploitation wave (CVE-2023-20198)
Exploitation WaveAbout this happening: A sustained **BADCANDY** exploitation wave is targeting **unpatched Cisco IOS XE devices** in **Australia**, with repeated compromise linked to **CVE-2023-20198**. ASD estimated u...
Timeline
-
29.01.2026 13:55 2 articles · 3mo ago
OMICRON study exposes unpatched CVE-2015-5374 protective relay risk
Initial DisclosureOMICRON's StationGuard study flagged widespread OT cybersecurity gaps in substations, power plants, and control centers, including unpatched PAC devices affected by CVE-2015-5374, weak network segmentation, insecure external connections, and incomplete asset inventories. The analysis says patches for CVE-2015-5374 have been available since 2015 while numerous devices remain unpatched.
Show sources
- Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps — thehackernews.com — 29.01.2026 13:55
- Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps — thehackernews.com — 29.01.2026 13:55