Hitachi Energy MicroSCADA Pro/X SYS600 (Update A)
Act Now · CVSS 9.9 · ICS-CERT ICSA-24-331-04 · Nov 26, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Hitachi Energy MicroSCADA Pro SYS600 and MicroSCADA X SYS600 contain multiple vulnerabilities (CVE-2024-4872, CVE-2024-3980, CVE-2024-3982, CVE-2024-7940, CVE-2024-7941) related to code injection, path traversal, session hijacking, and cross-site request forgery. An authenticated user can inject malicious code into persistent storage, manipulate the file system, hijack sessions, or conduct phishing attacks. Affected versions: MicroSCADA X SYS600 versions 10.0 through 10.5, and MicroSCADA Pro SYS600 versions 9.4_FP2_HF1 through 9.4_FP2_HF5.
What this means
What could happen
An authenticated attacker could inject malicious code into persistent data, manipulate files on the server, take over user sessions, or launch phishing attacks against system operators. This could lead to persistent compromise of the SCADA platform, loss of visibility into grid operations, and potential disruption of power distribution or manufacturing control.
Who's at risk
Energy utilities (power distribution, generation) and manufacturing facilities that operate Hitachi Energy MicroSCADA Pro or MicroSCADA X SYS600 platforms for SCADA supervisory control and data acquisition. Affected personnel include control room operators, system engineers, and IT staff managing these SCADA environments.
How it could be exploited
An attacker with valid credentials to the MicroSCADA web interface or engineering workstation can inject code through input fields vulnerable to path traversal or inadequate input validation. The injected code persists in the database or file system and executes in the context of the SCADA application, allowing manipulation of configuration, session hijacking, or deployment of phishing redirects to operators.
Prerequisites
- Valid user credentials for MicroSCADA Pro/X SYS600 (operator, engineer, or administrator account)
- Network access to the MicroSCADA web interface or engineering workstation
- Ability to submit crafted input through application forms or API endpoints
- Authenticated attack (requires valid credentials)
- Low attack complexity
- High impact (code injection, persistent compromise)
- Critical CVSS 9.9
- Affects SCADA/grid control systems
- No known public exploitation yet
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
MicroSCADA X SYS600 | ≥ 10.0 and < 10.2 | 10.6
MicroSCADA X SYS600 | ≥ 10.2 and < 10.5 | 10.6
MicroSCADA X SYS600 | 10.5 | 10.6
MicroSCADA Pro SYS600 | ≥ 9.4 FP2 HF1 and < 9.4 FP2 HF5 | 10.6
MicroSCADA Pro SYS600 | 9.4 FP1 | 10.6
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the MicroSCADA web interface and engineering workstations using firewall rules; expose only the minimum required ports
- HARDENING: Implement strong password policies; disable or audit any default credentials in MicroSCADA user accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
MicroSCADA X SYS600
- HOTFIX: Update MicroSCADA X SYS600 to version 10.6
- HOTFIX: For MicroSCADA X SYS600 versions 10.3, 10.4, or 10.5: apply version-specific vulnerability patch 2025_01 before upgrading to 10.6
- HOTFIX: For MicroSCADA X SYS600 version 10.5: apply vulnerability patch 2025_01 to address CVE-2024-7941
MicroSCADA Pro SYS600
- HOTFIX: Update MicroSCADA Pro SYS600 (9.4_FP2_HF1 through 9.4_FP2_HF5) to version 10.6 or apply Patch 9.4 FP2 HF6
Long-term hardening
- HARDENING: Isolate the MicroSCADA control system network from the Internet and other business networks using a firewall with minimal port exposure
- HARDENING: Prohibit use of MicroSCADA workstations for email, web browsing, or instant messaging to reduce phishing risk
- HARDENING: Scan all portable computers and removable media for malware before connecting to the MicroSCADA network
- HARDENING: Deploy MicroSCADA according to the vendor's 'MicroSCADA cybersecurity deployment guideline' document