OTPulse

Hitachi Energy FOX61x Products

Monitor · 4.9 · ICS-CERT ICSA-25-016-07 · Jan 16, 2025
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

A path traversal vulnerability in Hitachi Energy FOX61x control system gateways allows authenticated administrative users to access files and directories that would otherwise be restricted. The vulnerability is present in XMC20 R15A and all subversions, R15B, R16A, and R16B Revision C and older. Hitachi Energy has released FOX61x R16B Revision G as the patched version; older versions that are end-of-life will not receive fixes and must be migrated.

What this means
What could happen
An attacker with administrative access could traverse the file system on FOX61x devices to read sensitive files or directories that should be restricted, potentially exposing configuration data or credentials.
Who's at risk
Power and energy utilities using Hitachi Energy FOX61x devices for grid management or control, as well as manufacturing facilities that deploy these control system gateways. Primarily affects organizations running R15A, R15B, R16A, or R16B Revision C or earlier versions.
How it could be exploited
An attacker with high-level privileges (admin or high-privilege account) on the FOX61x device can manipulate file paths to bypass directory access restrictions and read files outside their intended scope. This requires already having administrative credentials or access to the device's management interface.
Prerequisites
  • Administrative or high-privilege credentials for the FOX61x device
  • Network access to the FOX61x device management interface
  • Ability to authenticate as a privileged user
  • High privilege required
  • No patch available for older versions
  • Affects sensitive file access
  • EOL products without remediation path
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (4)
2 pending, 2 EOL

Product | Affected Versions | Fix Status
XMC20 R16A | R16A | No fix (EOL)
XMC20 R15A and older, including all subversions | ≤ R15A | No fix yet
XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) and older, including all subversions | R16B Revision C | No fix yet
XMC20 R15B | R15B | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to FOX61x devices: block Internet-facing access and place devices behind firewalls isolated from business networks
  • HARDENING: Implement access controls to limit administrative credentials and audit who has high-privilege access to FOX61x devices
  • WORKAROUND: Use VPN with encryption for any required remote management of FOX61x devices
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update FOX61x R16B Revision E and older to FOX61x R16B Revision G (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)
  • HOTFIX: For EOL versions (R15A and R16A), plan migration to FOX61x R16B Revision G or a newer supported version
API: /api/v1/advisories/dad6abd2-3f3e-45dd-89f0-16bca5cf311d