Hitachi Energy MicroSCADA Pro X SYS600

Plan Patch7.5ICS-CERT ICSA-22-272-02Sep 29, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Hitachi Energy SYS600 versions 9.x and 10.3.1 and earlier contain a vulnerability (CWE-1357) that allows remote attackers without authentication to trigger a denial of service condition. Successful exploitation causes affected modules in the SYS600 system to stop working. The vulnerability is exploitable remotely with low attack complexity.

What this means

What could happen

An attacker could remotely trigger a denial of service condition, causing affected SYS600 modules to stop functioning and interrupting monitoring and control of energy distribution systems.

Who's at risk

Energy utilities and operators managing Hitachi Energy MicroSCADA Pro X SYS600 systems used for power grid monitoring and control. This includes any organization relying on SYS600 9.x or 10.3.1 versions for real-time energy distribution and SCADA operations.

How it could be exploited

An attacker with network access to the SYS600 system can send crafted network traffic to trigger the vulnerability without authentication, causing the modules to crash or become unresponsive. No user interaction is required.

Prerequisites

Network access to SYS600 system on the network
No credentials or authentication required
System running vulnerable version (9.x or 10.3.1 and earlier)

remotely exploitableno authentication requiredlow complexitydenial of service impact on critical infrastructurevulnerable versions still in use

Exploitability

Moderate exploit probability (EPSS 8.3%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SYS600: 9.x versions9.x10.4

SYS600: 10.3.1 and earlier≤ 10.3.110.4

Remediation & Mitigation

0/6

Do now

0/1

WORKAROUNDImplement firewall rules to restrict network access to SYS600 systems, allowing only necessary administrative and operational traffic

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade SYS600 9.4 to version 10.4 or later

HOTFIXUpgrade SYS600 10.x to version 10.4 or later

Long-term hardening

0/3

HARDENINGIsolate SYS600 systems from the internet and business networks using network segmentation and firewalls

HARDENINGImplement physical access controls to prevent unauthorized direct access to SYS600 hardware

HARDENINGReview and follow Hitachi Energy Cyber Security Deployment Guidelines (1MRK511518) for secure configuration

CVEs (2)

CVE-2020-25692 CVE-2022-0778

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/08ced356-e987-4c6f-b59b-047f21358024