Hitachi Energy SDM600

Recommended action: Plan Patch
CVSS: 8.0
ICS-CERT advisory: ICSA-24-354-02
Published: Dec 19, 2024
Vendor: Hitachi Energy
Sector: Energy
Attack path
Attack Vector: Adjacent
Auth Required: Low
Complexity: High
User Interaction: Required
Summary

Hitachi Energy SDM600 versions below 1.3.4 contain authentication and authorization vulnerabilities (CWE-346, CWE-863) that allow privilege escalation and unauthorized access to sensitive information. Exploitation requires valid engineering credentials, local network access, and high attack complexity (specific user interaction or conditions). The vulnerability is not remotely exploitable. A fix is available in version 1.3.4.

What this means
What could happen
An attacker with local network access and engineering credentials could escalate privileges on the SDM600 device and access sensitive data like user accounts or device configuration, potentially allowing further compromise of the energy management system.
Who's at risk
Energy utilities and industrial organizations using Hitachi Energy SDM600 devices (versions before 1.3.4) for power distribution monitoring and control should prioritize this update. The vulnerability requires engineering credentials and local network access, so it poses the highest risk in environments with contractor access, shared engineering networks, or poorly segmented OT systems.
How it could be exploited
An attacker with access to the local network and valid engineering workstation credentials could interact with the SDM600 device in a specific way (high attack complexity) to escalate privileges beyond their initial access level and read sensitive information from the device's storage or configuration.
Prerequisites
  • Local network access to SDM600 device
  • Valid engineering workstation credentials
  • Physical or logical access to trigger the vulnerability (high attack complexity suggests specific user interaction required)
  • privilege escalation possible
  • high CVSS score (8.0)
  • affects energy sector critical infrastructure
  • requires valid credentials but escalates beyond intended permissions
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product   Affected Versions   Fix Status
SDM600    < 1.3.4             1.3.4
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SDM600 to authorized engineering workstations only, using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SDM600 to firmware version 1.3.4 (Build 1.3.4.574) or later
Long-term hardening
HARDENING: Isolate SDM600 and control system networks from business networks using firewalls and network segmentation
HARDENING: Use a VPN for any required remote access to SDM600 and ensure the VPN software is updated to the latest version