Hitachi Energy Relion 670, 650 and SAM600-IO
MonitorCVSS 7.5ICS-CERT ICSA-21-096-01Apr 6, 2021
ABBHitachi EnergyEnergy
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
This advisory addresses an input validation failure (CWE-20) in Hitachi Energy Relion 670, 650, and SAM600-IO series devices. The vulnerability allows remote attackers to cause a denial of service condition by sending malformed inputs to the device, causing it to crash or hang and stop performing protection and monitoring functions. Affected versions range from version 1.1 through 2.2.3 across the Relion product family. Hitachi Energy has released patched revisions for most product versions; legacy versions 1.1 require either mitigation or upgrade to newer products.
What this means
What could happen
An attacker can crash or hang these protection relays remotely, causing them to stop monitoring power grid conditions and potentially allowing uncontrolled power distribution faults or cascading blackouts. Recovery requires manual intervention and device restart.
Who's at risk
Electrical utilities operating Hitachi Energy Relion 670 and 650 series protection relays, and facilities using SAM600-IO input/output modules. These are critical protection and control devices in substations and generation facilities; their failure directly impacts grid stability and customer power delivery.
How it could be exploited
An attacker with network access to the Relion device's management interface can send a malformed input that causes an input validation failure, triggering a denial of service condition that freezes or crashes the relay. This could be done from an adjacent network segment or from compromised utility systems.
Prerequisites
- Network access to the Relion device's management or communications port (typically Modbus TCP or similar industrial protocol ports)
- No authentication required for the vulnerable input handling
- Device must be reachable from an attacker-controlled network or compromised system on the same utility network
remotely exploitableno authentication requiredlow complexityaffects safety and critical infrastructurehigh impact on physical operations
Exploitability
Some exploitation risk — EPSS score 1.1%
Affected products (4)
4 pending
ProductAffected VersionsFix Status
Relion 670 series: 1.1 | 1.2.3 | 2.0 | 2.1 | 2.2.2 | 2.2.31.1 | 1.2.3 | 2.0 | 2.1 | 2.2.2 | 2.2.3No fix yet
Relion 670/650 series:Version 2.2.0No fix yet
Relion 670/650/SAM600-IO series:Version 2.2.1No fix yet
Relion 650 series: 1.1 | 1.2 | 1.31.1 | 1.2 | 1.3No fix yet
Remediation & Mitigation
0/13
Do now
0/1WORKAROUNDImplement firewall rules to restrict network access to Relion device management and communications ports to authorized engineering workstations and SCADA servers only
Schedule — requires maintenance window
0/9Patching may require device reboot — plan for process interruption
HOTFIXUpgrade Relion 670 series version 1.2.3 to revision 670 1.2.3.20 or later
HOTFIXUpgrade Relion 670 series version 2.0 to revision 670 2.0.0.13 or later
HOTFIXUpgrade Relion 670 series version 2.1 to revision 670 2.1.0.5 or later
HOTFIXUpgrade Relion 670/650 series version 2.2.0 to revision 670 2.2.0.13 or later
HOTFIXUpgrade Relion 670/650/SAM600-IO series version 2.2.1 to revision 670 2.2.1.6 or later
HOTFIXUpgrade Relion 670 series version 2.2.2 to revision 670 2.2.2.3 or later
HOTFIXUpgrade Relion 670 series version 2.2.3 to revision 670 2.2.3.2 or later
HOTFIXUpgrade Relion 650 series version 1.3 to revision 650 1.3.0.7 or later
HOTFIXFor Relion 670 series version 1.1 and Relion 650 series versions 1.1 and 1.2, contact Hitachi Energy for patches or upgrade instructions since no direct fixes are available for these legacy versions
Long-term hardening
0/3HARDENINGSeparate Relion protection relays from direct internet connectivity and other non-utility networks using a demilitarized zone (DMZ) or air-gap where possible
HARDENINGImplement network segmentation to isolate protection relay networks from business networks and limit data flows to only necessary industrial protocols
HARDENINGDisable unnecessary services and ports on Relion devices to reduce the attack surface
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/fe1edaa8-a7d7-4d0e-895a-71b304732ab7Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.