Hitachi Energy MicroSCADA Pro/X SYS600
Act Now | CVSS 8.8 | ICS-CERT ICSA-22-111-03 | Apr 21, 2022
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Hitachi Energy SYS600 versions up to 10.2.1 contain multiple vulnerabilities (CWE-203, CWE-444, CWE-120, CWE-295, CWE-119, CWE-200) in input validation, SSL/TLS certificate handling, buffer management, and authentication logic. Successful exploitation by an authenticated attacker could allow eavesdropping on inter-system traffic, unauthorized information disclosure, or denial-of-service conditions against the control system.
What this means
What could happen
An attacker with network access and valid credentials could intercept traffic between networked systems, gain unauthorized access to sensitive information, or disrupt the availability of the SYS600 control system, affecting grid operations or transportation monitoring.
Who's at risk
Energy and transportation operators using Hitachi Energy SYS600 control systems for grid management, substation automation, or transportation monitoring should prioritize remediation. Affected versions include all instances up to and including 10.2.1; version 10.3 or later is required for a fix.
How it could be exploited
An attacker with network access to the SYS600 and valid login credentials could exploit flaws in input validation, SSL/TLS handling, or authentication logic to intercept encrypted communications, read protected data, or inject malicious commands that degrade or halt system availability.
Prerequisites
- Network access to SYS600 system (internal network or compromised perimeter device)
- Valid user account credentials for the SYS600 interface
- Understanding of SYS600 communication protocols and authentication mechanisms
Risk factors
- remotely exploitable
- requires valid credentials
- high CVSS score (8.8)
- high EPSS score (11.9%)
- affects control system availability
- no patch available for many deployed versions
- affects critical energy and transportation sectors
Exploitability
High exploit probability (EPSS 11.9%)
Affected products (3)
3 with fix
Product    Affected Versions        Fix Status
SYS600     ≤ 10.1.1                 10.3 or later
SYS600     ≤ 9.4 FP1 | ≥ 10.2.1     10.3 or later
SYS600     ≥ 10.0.0 | ≤ 10.2.1      10.3 or later
Remediation & Mitigation
Do now
- HARDENING: Isolate SYS600 systems behind a firewall with minimal exposed ports; block direct Internet access
- HARDENING: Implement network segmentation to separate SYS600 from business network systems
- HARDENING: Enforce access controls: restrict user accounts to engineering/operations staff only; disable unnecessary login accounts
- WORKAROUND: Scan portable media and external devices for malware before connecting to SYS600 network
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Contact Hitachi Energy technical support or sales office to obtain and deploy SYS600 version 10.3 or later
- HARDENING: For remote access, deploy VPN with current patches and strong authentication; limit remote sessions to authorized personnel
Long-term hardening
- HARDENING: Prohibit Internet browsing, email, and instant messaging on SYS600 terminals
CVEs (9)