Hitachi Energy’s MicroSCADA Pro/X SYS600 Products
Monitor | 6.7 | ICS-CERT ICSA-23-138-03 | May 18, 2023
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary
This vulnerability in Hitachi Energy SYS600 affects SCADA systems and stems from improper access control (CWE-863). Successful exploitation allows arbitrary code execution on the affected product. The vulnerability requires local access, valid credentials, and high attack complexity—it is not remotely exploitable. Affected versions: SYS600 9.4 FP2 Hotfix 5 and earlier; SYS600 10.1.1 and earlier.
What this means
What could happen
An attacker with local access and valid user credentials could execute arbitrary code on Hitachi Energy SYS600 SCADA systems, potentially disrupting power distribution operations or process control.
Who's at risk
Energy utilities operating Hitachi Energy MicroSCADA Pro/X SYS600 SCADA systems should evaluate this vulnerability. SYS600 is a supervisory control system used for power distribution monitoring and dispatch; affected versions are 9.4 FP2 Hotfix 5 and earlier, and 10.1.1 and earlier.
How it could be exploited
An attacker must have local access to the SYS600 workstation and valid user credentials. They would then exploit a privilege escalation vulnerability (CWE-863) to execute arbitrary code with elevated permissions on the system running SCADA operations.
Prerequisites
- Local physical or network access to SYS600 workstation
- Valid user account credentials
- High attack complexity—specific conditions must be met for successful exploitation
- No patch available for vulnerable versions
- Requires valid user credentials and local access
- High attack complexity limits exploitability
- Affects SCADA infrastructure central to power operations
Exploitability
Moderate exploit probability (EPSS 5.2%)
Affected products (2)
2 pending
| Product | Affected Versions | Fix Status |
|---|---|---|
| SYS600: <= 10.1.1 | 10.1.1 | No fix yet |
| SYS600: <= 9.4 FP2 Hotfix 5 | 9.4 FP2 Hotfix 5 | No fix yet |
Remediation & Mitigation
Do now
- WORKAROUND: Implement firewall rules to restrict access to SYS600 workstations; limit exposed ports to minimum required
- WORKAROUND: Implement strong password policies and ensure proper credential management for all SYS600 users
- HARDENING: Physically restrict access to SYS600 workstations and ensure no direct internet connections
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade SYS600 9.x systems to version 10.2 or later
- HOTFIX: Upgrade SYS600 10.x systems to version 10.2 or later
Long-term hardening
- HARDENING: Isolate process control network from business network with firewall segmentation
- HARDENING: Scan portable computers and removable media for malware before connecting to SYS600 systems
- HARDENING: Prevent use of SYS600 workstations for internet browsing, email, or instant messaging
CVEs (1)