Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-39203 (GCVE-0-2025-39203)
Vulnerability from cvelistv5 – Published: 2025-06-24 11:57 – Updated: 2025-10-07 10:00
VLAI?
EPSS
Summary
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.
Severity ?
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 |
Affected:
10.5 , ≤ 10.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:09.329141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:19.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
}
],
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
}
],
"impacts": [
{
"capecId": "CAPEC-595",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-595 Connection Reset"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T10:00:29.745Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39203",
"datePublished": "2025-06-24T11:57:04.229Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-10-07T10:00:29.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-39203\",\"sourceIdentifier\":\"cybersecurity@hitachienergy.com\",\"published\":\"2025-06-24T12:15:21.380\",\"lastModified\":\"2026-01-26T18:45:18.483\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad en la norma IEC 61850 del producto MicroSCADA X SYS600. Un mensaje IEC 61850-8 manipulado desde un dispositivo electr\u00f3nico (IED) o un sistema remoto puede causar una denegaci\u00f3n de servicio que genere un bucle de desconexi\u00f3n.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.5\",\"versionEndExcluding\":\"10.7\",\"matchCriteriaId\":\"DA1AD5E0-B025-436C-BD0A-83865A6A0372\"}]}]}],\"references\":[{\"url\":\"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"cybersecurity@hitachienergy.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-39203\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-24T15:22:09.329141Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-24T15:22:10.392Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-595\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-595 Connection Reset\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi Energy\", \"product\": \"MicroSCADA X SYS600\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.6\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-354\", \"description\": \"CWE-354 Improper Validation of Integrity Check Value\"}]}], \"providerMetadata\": {\"orgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"shortName\": \"Hitachi Energy\", \"dateUpdated\": \"2025-10-07T10:00:29.745Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-39203\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-07T10:00:29.745Z\", \"dateReserved\": \"2025-04-16T05:26:03.424Z\", \"assignerOrgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"datePublished\": \"2025-06-24T11:57:04.229Z\", \"assignerShortName\": \"Hitachi Energy\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ICSA-25-184-02
Vulnerability from csaf_cisa - Published: 2025-07-03 06:00 - Updated: 2025-07-03 06:00Summary
Hitachi Energy MicroSCADA X SYS600
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
6.1 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2025-39201, CVE-2025-39202, CVE-2025-39204) Hitachi Energy MicroSCADA X SYS600 versions from 10.0 to 10.6: Update to version 10.7
Mitigation
The following product versions have been fixed:
Mitigation
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39201
Vendor Fix
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.
https://publisher.hitachienergy.com/preview?Docum…
7.3 (High)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2025-39201, CVE-2025-39202, CVE-2025-39204) Hitachi Energy MicroSCADA X SYS600 versions from 10.0 to 10.6: Update to version 10.7
Mitigation
The following product versions have been fixed:
Mitigation
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39202
Vendor Fix
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2025-39203) Hitachi Energy MicroSCADA X SYS600 versions from 10.5 to 10.6: Update to version 10.7
Mitigation
The following product versions have been fixed:
Mitigation
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39203
Vendor Fix
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2025-39201, CVE-2025-39202, CVE-2025-39204) Hitachi Energy MicroSCADA X SYS600 versions from 10.0 to 10.6: Update to version 10.7
Mitigation
The following product versions have been fixed:
Mitigation
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39204
Vendor Fix
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2025-39205) Hitachi Energy MicroSCADA X SYS600 versions from 10.3 to 10.6: Update to version 10.7
Mitigation
The following product versions have been fixed:
Mitigation
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39205
Vendor Fix
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.
https://publisher.hitachienergy.com/preview?Docum…
References
Acknowledgments
Hitachi Energy PSIRT
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi Energy PSIRT",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-184-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-184-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-184-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-184-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Hitachi Energy MicroSCADA X SYS600",
"tracking": {
"current_release_date": "2025-07-03T06:00:00.000000Z",
"generator": {
"date": "2025-07-03T14:03:54.611592Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-184-02",
"initial_release_date": "2025-07-03T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-07-03T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=10.0|\u003c10.6",
"product": {
"name": "Hitachi Energy Hitachi Energy MicroSCADA Pro/X SYS600: \u003e=10.0|\u003c10.6",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Hitachi Energy MicroSCADA Pro/X SYS600"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=10.5|\u003c10.6",
"product": {
"name": "Hitachi Energy Hitachi Energy MicroSCADA Pro/X SYS600: \u003e=10.5|\u003c10.6",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Hitachi Energy MicroSCADA Pro/X SYS600"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=10.3|\u003c10.6",
"product": {
"name": "Hitachi Energy Hitachi Energy MicroSCADA Pro/X SYS600: \u003e=10.3|\u003c10.6",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Hitachi Energy MicroSCADA Pro/X SYS600"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-39201",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in the mailslot functionality of the MicroSCADA X SYS600 product. If exploited this could allow a local attacker to tamper the mailslot configuration file, making denial of mailslot a related service.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39201"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39201, CVE-2025-39202, CVE-2025-39204) Hitachi Energy MicroSCADA X SYS600 versions from 10.0 to 10.6: Update to version 10.7",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The following product versions have been fixed:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39201",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000218\u0026languageCode=en\u0026Preview=true"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-39202",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in Monitor Pro and Supervision log of MicroSCADA X SYS600 product. Local, authenticated low privilege user can see and overwrite files causing information leak and data corruption.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39202"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39201, CVE-2025-39202, CVE-2025-39204) Hitachi Energy MicroSCADA X SYS600 versions from 10.0 to 10.6: Update to version 10.7",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The following product versions have been fixed:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39202",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000218\u0026languageCode=en\u0026Preview=true"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-39203",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "Crafted message content from IED or remote system can cause denial-of-service resulting in disconnection loop.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39203"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39203) Hitachi Energy MicroSCADA X SYS600 versions from 10.5 to 10.6: Update to version 10.7",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "The following product versions have been fixed:",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39203",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000218\u0026languageCode=en\u0026Preview=true"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2025-39204",
"cwe": {
"id": "CWE-202",
"name": "Exposure of Sensitive Information Through Data Queries"
},
"notes": [
{
"category": "summary",
"text": "Filtering query in MicroSCADA X SYS600 can be malformed, so returning data can leak any file content.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39204"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39201, CVE-2025-39202, CVE-2025-39204) Hitachi Energy MicroSCADA X SYS600 versions from 10.0 to 10.6: Update to version 10.7",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The following product versions have been fixed:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39204",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000218\u0026languageCode=en\u0026Preview=true"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-39205",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in MicroSCADA X SYS600 certificate validation system. TLS protocol was allowing remote Man-in-the-Middle attack due to giving too many permissions.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39205"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39205) Hitachi Energy MicroSCADA X SYS600 versions from 10.3 to 10.6: Update to version 10.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "The following product versions have been fixed:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39205",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0003"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000218\u0026languageCode=en\u0026Preview=true"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0003"
]
}
]
}
]
}
ICSA-25-259-02
Vulnerability from csaf_cisa - Published: 2025-09-16 06:00 - Updated: 2025-09-16 06:00Summary
Hitachi Energy RTU500 series
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
7.5 (High)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Update to CMU Firmware version 12.7.8 when available
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.5.1 – 13.5.3: Update to CMU Firmware version 13.5.4
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1: Update to CMU Firmware version 13.6.3
Mitigation
(CVE-2023-2953) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Follow general mitigation factors /workarounds
Mitigation
(CVE-2023-2953, CVE-2025-39203) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 13.5.1 – 13.5.3, RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
Mitigation
(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
Mitigation
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
https://publisher.hitachienergy.com/preview?Docum…
4.3 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Update to CMU Firmware version 12.7.8 when available
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.5.1 – 13.5.3: Update to CMU Firmware version 13.5.4
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1: Update to CMU Firmware version 13.6.3
Mitigation
(CVE-2023-2953, CVE-2025-39203) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 13.5.1 – 13.5.3, RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
Mitigation
(CVE-2025-39203) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Follow general mitigation factors/ workarounds.
Mitigation
(CVE-2025-39203) RTU500 series CMU Firmware version 13.4.1 – 13.4.4, RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
Mitigation
(CVE-2025-39203) RTU500 series CMU Firmware version 13.4.1 – 13.4.4: Follow General Mitigation Factors/Workarounds.
Mitigation
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
Mitigation
(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
Mitigation
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
Mitigation
(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
Mitigation
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
Mitigation
(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
Mitigation
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
Mitigation
(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
Mitigation
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
https://publisher.hitachienergy.com/preview?Docum…
6.5 (Medium)
Mitigation
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 12.7.1 – 12.7.7: Update to CMU Firmware version 12.7.8 when available
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.5.1 – 13.5.3: Update to CMU Firmware version 13.5.4
Mitigation
(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1: Update to CMU Firmware version 13.6.3
Mitigation
(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Update to CMU Firmware version 13.7.7
Mitigation
(CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 12.7.1 – 12.7.7, RTU500 series CMU Firmware version 13.5.1 – 13.5.3, RTU500 series CMU Firmware version 13.7.1 – 13.7.6: Follow general mitigation factors/workarounds.
Mitigation
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy's RTU500 series Product.
https://publisher.hitachienergy.com/preview?Docum…
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Hitachi Energy
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi Energy",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-259-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-259-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-259-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Hitachi Energy RTU500 series",
"tracking": {
"current_release_date": "2025-09-16T06:00:00.000000Z",
"generator": {
"date": "2025-09-16T16:34:27.765108Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-259-02",
"initial_release_date": "2025-09-16T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-09-16T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "13.6.1",
"product": {
"name": "Hitachi Energy Hitachi Energy RTU500 series: 13.6.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Hitachi Energy RTU500 series"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=12.7.1|\u003c=12.7.7",
"product": {
"name": "Hitachi Energy Hitachi Energy RTU500 series: \u003e=12.7.1|\u003c=12.7.7",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Hitachi Energy RTU500 series"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=13.4.1|\u003c=13.4.4",
"product": {
"name": "Hitachi Energy Hitachi Energy RTU500 series: \u003e=13.4.1|\u003c=13.4.4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Hitachi Energy RTU500 series"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=13.5.1|\u003c=13.5.3",
"product": {
"name": "Hitachi Energy Hitachi Energy RTU500 series: \u003e=13.5.1|\u003c=13.5.3",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Hitachi Energy RTU500 series"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=13.7.1|\u003c=13.7.6",
"product": {
"name": "Hitachi Energy Hitachi Energy RTU500 series: \u003e=13.7.1|\u003c=13.7.6",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Hitachi Energy RTU500 series"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2953",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been identified in the openLDAP library used in Central Account Management (CAM) client. This issue can lead to a Denial of Service (DoS) condition when a specially crafted request may cause a null pointer to dereference, resulting in affected CMU to automatically recovering itself by rebooting.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 12.7.1 \u2013 12.7.7: Update to CMU Firmware version 12.7.8 when available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.5.1 \u2013 13.5.3: Update to CMU Firmware version 13.5.4",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1: Update to CMU Firmware version 13.6.3",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953) RTU500 series CMU Firmware version 12.7.1 \u2013 12.7.7: Follow general mitigation factors /workarounds",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 13.5.1 \u2013 13.5.3, RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Follow general mitigation factors/workarounds.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Update to CMU Firmware version 13.7.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy\u0027s RTU500 series Product.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2025-39203",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in the IEC 61850 protocol of the RTU500 product series. An IEC 61850-8 crafted message content from a device (e.g. an IED) or remote system can cause a Denial of Service (DoS) resulting in disconnection of the device to the RTU 500 until next reboot.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39203"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 12.7.1 \u2013 12.7.7: Update to CMU Firmware version 12.7.8 when available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.5.1 \u2013 13.5.3: Update to CMU Firmware version 13.5.4",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1: Update to CMU Firmware version 13.6.3",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 13.5.1 \u2013 13.5.3, RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Follow general mitigation factors/workarounds.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39203) RTU500 series CMU Firmware version 12.7.1 \u2013 12.7.7: Follow general mitigation factors/ workarounds.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39203) RTU500 series CMU Firmware version 13.4.1 \u2013 13.4.4, RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Update to CMU Firmware version 13.7.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-39203) RTU500 series CMU Firmware version 13.4.1 \u2013 13.4.4: Follow General Mitigation Factors/Workarounds.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy\u0027s RTU500 series Product.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been identified in the libexpat library used in IEC 61850 client and server components of the RTU500 product series. An authenticated and authorized malicious user could load a crafted XML input which may lead to memory mismanagement potentially causing RTU500 to reboot.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Update to CMU Firmware version 13.7.7",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Follow general mitigation factors/workarounds.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy\u0027s RTU500 series Product.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been identified in libexpat library used in the IEC 61850 client and server components of the RTU500 product series. An authenticated and authorized malicious user could load a crafted XML input which may lead to heap corruption potentially causing RTU500 to reboot.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Update to CMU Firmware version 13.7.7",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Follow general mitigation factors/workarounds.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy\u0027s RTU500 series Product.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been identified in libexpat library used in the IEC 61850 client and server components of the RTU500 product series. An authenticated and authorized malicious user could load a crafted XML input which leads to an integer overflow potentially causing RTU500 to reboot.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Update to CMU Firmware version 13.7.7",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Follow general mitigation factors/workarounds.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy\u0027s RTU500 series Product.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been identified in libexpat library used in the IEC 61850 client and server components of the RTU500 product series. An authenticated and authorized malicious user could load a crafted XML input which may lead to a memory mismanagement potentially causing RTU500 to reboot.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Update to CMU Firmware version 13.7.7",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Follow general mitigation factors/workarounds.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy\u0027s RTU500 series Product.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in libxml library used by RTU500 Web server functionality. An authenticated and authorized malicious user could send a crafted XML message which may lead to buffer overflow potentially causing RTU500 to reboot.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 12.7.1 \u2013 12.7.7: Update to CMU Firmware version 12.7.8 when available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.5.1 \u2013 13.5.3: Update to CMU Firmware version 13.5.4",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1: Update to CMU Firmware version 13.6.3",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2023-2953, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-28757, CVE-2025-6021) RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Update to CMU Firmware version 13.7.7",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "(CVE-2025-6021) RTU500 series CMU Firmware version 13.6.1, RTU500 series CMU Firmware version 12.7.1 \u2013 12.7.7, RTU500 series CMU Firmware version 13.5.1 \u2013 13.5.3, RTU500 series CMU Firmware version 13.7.1 \u2013 13.7.6: Follow general mitigation factors/workarounds.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000220 Multiple Vulnerabilities in Hitachi Energy\u0027s RTU500 series Product.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
}
]
}
ICSA-25-289-11
Vulnerability from csaf_cisa - Published: 2025-09-30 12:50 - Updated: 2025-09-30 12:50Summary
Hitachi Energy MACH GWS
Severity
Medium
Notes
Summary: Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.
Notice: The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.
Support: For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.
General Mitigation Factors: Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. It is highly recommended to deploy the product following the “GWS deployment guideline” document. Customers should maintain their systems with products running on supported versions and follow maintenance releases.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000222 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
A vulnerability exists in MACH GWS product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.
6.1 (Medium)
Vendor Fix
Upgrade to version 3.5
Mitigation
Apply general mitigation factors
A vulnerability exists in the IEC 61850 of the MACH GWS product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.
6.5 (Medium)
Vendor Fix
Upgrade to version 3.5
Mitigation
Apply general mitigation factors
A vulnerability exists in the IEC 61850 in MACH GWS product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.
6.5 (Medium)
Vendor Fix
Upgrade to version 3.5
Mitigation
Apply general mitigation factors
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Acknowledgments
Hitachi Energy PSIRT
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi Energy PSIRT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/specification-document",
"text": "MEDIUM"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.",
"title": "Notice"
},
{
"category": "general",
"text": "For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.",
"title": "Support"
},
{
"category": "general",
"text": "Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. It is highly recommended to deploy the product following the \u201cGWS deployment guideline\u201d document. Customers should maintain their systems with products running on supported versions and follow maintenance releases.",
"title": "General Mitigation Factors"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000222 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-289-11 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-289-11.json"
},
{
"category": "self",
"summary": "Multiple vulnerabilities in Hitachi Energy MACH GWS product",
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000222\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-289-11 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-11"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Hitachi Energy MACH GWS",
"tracking": {
"current_release_date": "2025-09-30T12:50:29.000000Z",
"generator": {
"date": "2025-10-16T21:58:10.018746Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-289-11",
"initial_release_date": "2025-09-30T12:50:29.000000Z",
"revision_history": [
{
"date": "2025-09-30T12:50:29.000000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=3.0.0.0|\u003c=3.4.0.0",
"product": {
"name": "MACH GWS 3.0.0.0 to 3.4.0.0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "MACH GWS"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-39201",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "description",
"text": "A vulnerability exists in MACH GWS product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-39201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Upgrade to version 3.5",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Apply general mitigation factors",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-39203",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "description",
"text": "A vulnerability exists in the IEC 61850 of the MACH GWS product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-39203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Upgrade to version 3.5",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Apply general mitigation factors",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2025-39205",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "description",
"text": "A vulnerability exists in the IEC 61850 in MACH GWS product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-39205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Upgrade to version 3.5",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Apply general mitigation factors",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
BDU:2025-07719
Vulnerability from fstec - Published: 24.06.2025
VLAI Severity ?
Title
Уязвимость клиента IEC 61850 Client программного средства системы контроля и управления оборудованием Hitachi Energy MicroSCADA X SYS600, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость клиента IEC 61850 Client программного средства системы контроля и управления оборудованием Hitachi Energy MicroSCADA X SYS600 связана с неправильной проверкой значения целостности. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Hitachi, Ltd.
Software Name
Hitachi Energy MicroSCADA X SYS600
Software Version
от 10.5 до 10.6 включительно (Hitachi Energy MicroSCADA X SYS600)
Possible Mitigations
Использование рекомендаций производителя:
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-39203
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch
CWE
CWE-354
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Hitachi, Ltd.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 10.5 \u0434\u043e 10.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Hitachi Energy MicroSCADA X SYS600)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.06.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-07719",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-39203",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Hitachi Energy MicroSCADA X SYS600",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u0430 IEC 61850 Client \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c Hitachi Energy MicroSCADA X SYS600, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 (CWE-354)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u0430 IEC 61850 Client \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c Hitachi Energy MicroSCADA X SYS600 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2025-39203\nhttps://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-354",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)"
}
FKIE_CVE-2025-39203
Vulnerability from fkie_nvd - Published: 2025-06-24 12:15 - Updated: 2026-01-26 18:45
Severity ?
Summary
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | microscada_x_sys600 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1AD5E0-B025-436C-BD0A-83865A6A0372",
"versionEndExcluding": "10.7",
"versionStartIncluding": "10.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la norma IEC 61850 del producto MicroSCADA X SYS600. Un mensaje IEC 61850-8 manipulado desde un dispositivo electr\u00f3nico (IED) o un sistema remoto puede causar una denegaci\u00f3n de servicio que genere un bucle de desconexi\u00f3n."
}
],
"id": "CVE-2025-39203",
"lastModified": "2026-01-26T18:45:18.483",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
}
]
},
"published": "2025-06-24T12:15:21.380",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
}
]
}
GHSA-8JWM-Q5XV-G48G
Vulnerability from github – Published: 2025-06-24 12:30 – Updated: 2025-06-26 21:31
VLAI?
Details
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-39203"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-24T12:15:21Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.",
"id": "GHSA-8jwm-q5xv-g48g",
"modified": "2025-06-26T21:31:05Z",
"published": "2025-06-24T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39203"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…