Hitachi Energy TRO600
Plan PatchCVSS 7.2ICS-CERT ICSA-24-317-02Nov 12, 2024
Hitachi EnergyEnergy
Attack path
Attack VectorNetwork
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary
Hitachi Energy TRO600 series routers versions 9.0.1.0 through 9.2.0.0 contain command injection vulnerabilities in the edge computing functionality (CVE-2024-41153) and configuration utility (CVE-2024-41156). An authenticated attacker with high privileges could execute arbitrary system commands on the device.
What this means
What could happen
An attacker with engineering access to the TRO600 could run arbitrary commands on the router, potentially disrupting power system operations, intercepting network traffic, or modifying configurations that affect grid control and protection systems.
Who's at risk
This affects power distribution and generation facilities that use Hitachi Energy TRO600 series routers for substation automation, microgrid control, or network management. Equipment owners and operators responsible for substation IEDs, power quality monitors, and intelligent electronic devices (IEDs) connected to TRO600 routers should prioritize this update.
How it could be exploited
An attacker with valid high-privilege credentials on the TRO600 (e.g., engineering or administrator account) could inject shell commands through the edge computing feature or configuration utility to execute arbitrary code on the device. This requires prior authentication to the router's management interface.
Prerequisites
- High-privilege account credentials (engineering or administrator) for TRO600 management access
- Network access to the TRO600 configuration or edge computing interface
- Knowledge of the device's command injection vectors in configuration utility or edge computing feature
remotely exploitablehigh privileges required but privileges are easily obtained in engineering environmentsaffects critical energy infrastructurecommand injection allows full system compromise
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
Hitachi Energy TRO600 series firmware versions: >=9.1.0.0|<=9.2.0.0≥ 9.1.0.0|≤ 9.2.0.09.2.0.5
Hitachi Energy TRO600 series firmware versions: >=9.0.1.0|<=9.2.0.0≥ 9.0.1.0|≤ 9.2.0.09.2.0.5
Remediation & Mitigation
0/6
Do now
0/2WORKAROUNDRestrict network access to TRO600 management interfaces (configuration utility and edge computing feature) to authorized engineering workstations only using firewall rules
WORKAROUNDDisable or isolate the edge computing functionality if it is not required for your operations
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate TRO600 firmware to version 9.2.0.5 or later during a scheduled maintenance window
Long-term hardening
0/3HARDENINGEnforce multi-factor authentication or certificate-based access for high-privilege accounts accessing the TRO600
HARDENINGSegment TRO600 routers from general business networks and control system networks using a firewall with minimal exposed ports
HARDENINGDisable Internet access for TRO600 devices; if remote management is required, use a VPN with appropriate encryption and access controls
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/a430178f-9fca-4924-9f42-9ddaab4e59c0Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.