Hitachi Energy FOX61x Products

CVSS 4.9 | ICS-CERT ICSA-25-016-07 | Jan 16, 2025
Vendor: Hitachi Energy | Sectors: Energy, Manufacturing
Attack path
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

A path traversal vulnerability in Hitachi Energy FOX61x products allows an authenticated attacker with high-level credentials to access files and directories outside their intended scope. This could expose configuration data or system information that should be restricted. The vulnerability affects XMC20 R15A, R15B, R16A (EOL with no remediation planned), and R16B Revision E and older. Hitachi Energy recommends updating to FOX61x R16B Revision G (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07) for affected versions. Organizations using EOL versions with no fix available should plan upgrades to the current supported version.

What this means
What could happen
An attacker with high-level credentials could access files and directories on the FOX61x system that should be restricted, potentially exposing sensitive configuration data or enabling further attacks on your energy management infrastructure.
Who's at risk
Energy utilities and manufacturing facilities using Hitachi Energy FOX61x products for grid management, substation control, and system monitoring. Particularly relevant to any organization running R15A, R15B, R16A, or R16B Revision E and older versions of these systems.
How it could be exploited
An attacker who has already obtained administrative or engineering credentials can traverse the file system using path traversal techniques to read files outside their intended scope. This requires the attacker to have valid high-privilege credentials and network access to the management interface.
Prerequisites
  • Administrative or engineering-level credentials for the FOX61x system
  • Network access to the FOX61x management interface
  • Knowledge of file system paths to traverse
Tags: requires high-privilege credentials; allows unauthorized file access; affects energy infrastructure; multiple versions with no fix planned
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (4)
2 pending, 2 EOL
Product | Affected Versions | Fix Status
XMC20 R16A | R16A | No fix (EOL)
XMC20 R15A and older including all subversions | ≤ R15A | No fix yet
XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) and older including all subversions | R16B Revision C | No fix yet
XMC20 R15B | R15B | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the FOX61x management interface; ensure it is not accessible from the internet or untrusted business networks
HARDENING: If remote access to FOX61x is required, route it through a VPN with current security patches and keep the VPN client updated
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update FOX61x R16B Revision E and older to FOX61x R16B Revision G (cesm3_r16b04_07, cesne_r16b04_07, or f10ne_r16b04_07)
HOTFIX: For FOX61x R15B systems, plan an upgrade to FOX61x R16B Revision G (cesm3_r16b04_07, cesne_r16b04_07, or f10ne_r16b04_07)
HOTFIX: For EOL versions (R15A and older, R16A), upgrade to the current supported version, FOX61x R16B Revision G
Mitigations - no patch available
The following products have reached End of Life with no planned fix: XMC20 R16A, XMC20 R15B. Apply the following compensating controls:
HARDENING: Limit FOX61x administrative and engineering credential access to only authorized personnel with a defined approval process