OTPulse
FeedAboutContact

Hitachi Energy MicroSCADA Pro/X SYS600 Products (Update A)

Plan Patch8.8ICS-CERT ICSA-22-333-03Nov 29, 2022
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Hitachi Energy SYS600 Pro/X versions up to 10.4 and 9.4_FP2_Hotfix_4 contain an improper privilege handling vulnerability (CWE-1173) that allows an unauthorized user with local workstation access to execute administrator-level scripts. Successful exploitation could allow an attacker to run system commands with elevated privileges, potentially altering process setpoints, configuration, or operational parameters. The vulnerability affects both SYS600 9.x and 10.x product lines.

What this means
What could happen
An attacker with local access to a SYS600 workstation could run administrator-level scripts to modify control system settings, alter process parameters, or disrupt grid operations. This affects energy management and monitoring across generation, transmission, and distribution systems.
Who's at risk
Operators of Hitachi Energy SYS600 Pro/X energy management systems used in generation control, transmission grid management, and distribution automation should care. This affects engineering workstations and HMI stations running SYS600 versions 9.x through 10.x that are used to monitor and control power systems.
How it could be exploited
An attacker with local access to a SYS600 engineering workstation or HMI station can exploit improper privilege handling to execute administrator-level scripts without elevated credentials. The vulnerability requires the attacker to first gain access to the workstation (via physical access, compromised credentials, or network-accessible workstations), then execute a script that runs with administrator privileges.
Prerequisites
  • Local access to a SYS600 workstation (physical or via compromised user credentials)
  • Ability to execute scripts on the affected workstation
  • SYS600 9.x version ≤9.4_FP2_Hotfix_4 or SYS600 10.x version ≤10.4
Low complexity exploitationLocal access required (limits internet-based attack)No authentication bypass—requires workstation accessAffects engineering controls (high impact if compromised)End-of-life product status (SYS600 9.x may not receive patches)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
SYS600 9.x: <=9.4_FP2_Hotfix_4≤ 9.4 FP2 Hotfix 49.4 FP2 Hotfix 5 or later
SYS600 10.x: <=10.4≤ 10.410.4.1 or later
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGRestrict physical and network access to SYS600 workstations to authorized personnel only
HARDENINGIf remote access to SYS600 systems is required, use VPN with multi-factor authentication
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXFor SYS600 9.x: Update to version 9.4 FP2 Hotfix 5 or later (requires 9.4 FP2 Hotfix 4 as prerequisite)
HOTFIXFor SYS600 10.x: Update to version 10.4.1 or later
Long-term hardening
0/1
HARDENINGIsolate SYS600 engineering workstations and HMI stations from business networks using firewalls and network segmentation
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1d7c6183-0849-455d-ae09-ab076bedd06c
Hitachi Energy MicroSCADA Pro/X SYS600 Products (Update A) | CVSS 8.8 - OTPulse