Hitachi Energy MACH System Software
CVSS 6.5 · ICS-CERT ICSA-23-320-02 · Nov 16, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
MACH SSW versions 5.0–7.17.0.0 contain an authorization bypass vulnerability (CWE-29, CWE-266) that allows authenticated users to read or write arbitrary files without proper authorization. An attacker with valid engineering credentials could exploit this flaw to access or modify critical system files and configuration data. Hitachi Energy has not released patches for affected versions and recommends network segmentation, access controls, and firewall restrictions as compensating controls pending availability of firmware updates.
What this means
What could happen
An attacker with engineering workstation access to the MACH system could read or modify critical configuration files and process data without authorization, potentially causing equipment misconfiguration or disruption of power system operations.
Who's at risk
Energy operators running Hitachi Energy MACH SSW systems, particularly those using versions 5.0 through 7.16.x or 7.10.0.0 through 7.17.x. This affects control and monitoring of power generation, transmission, and distribution equipment. Utilities and industrial facilities managing critical power infrastructure should prioritize assessment of their MACH deployments.
How it could be exploited
An attacker with valid engineering credentials can authenticate to the MACH SSW system and exploit an authorization bypass flaw to read or write arbitrary files on the system, including critical configuration files that control power system operations.
Prerequisites
- Valid engineering workstation credentials for MACH SSW
- Network access to MACH SSW management interface
- Access from within or through the control network (not internet-accessible by design)
- Affects critical power system operations
- Requires valid credentials but bypasses authorization controls
- No patch currently available from vendor
- Low CVSS score (6.5) reflects low complexity but high integrity impact
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
Product     Affected Versions          Fix Status
MACH SSW    >= 5.0, < 7.17.0.0         No fix (EOL)
MACH SSW    >= 7.10.0.0, < 7.18.0.0    No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to MACH SSW management interfaces using firewall rules; limit connections to authorized engineering workstations only
- HARDENING: Implement role-based access controls and enforce the principle of least privilege for engineering workstation accounts accessing MACH SSW
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Disable or restrict remote access to MACH SSW unless absolutely required; if remote access is necessary, use VPN with multi-factor authentication and monitor connection logs
- HOTFIX: Contact Hitachi Energy account team to assess upgrade path to patched versions when available and plan a maintenance window for system update
Mitigations - no patch available
The following products have reached End of Life with no planned fix: MACH SSW >= 5.0, < 7.17.0.0; MACH SSW >= 7.10.0.0, < 7.18.0.0. Apply the following compensating controls:
- HARDENING: Isolate MACH SSW and engineering workstations on a dedicated, air-gapped control network segment separated from the corporate network by a firewall
CVEs (2)