Hitachi Energy MACH PS700

MonitorCVSS 6.7ICS-CERT ICSA-25-063-03Mar 4, 2025

Hitachi EnergyEnergy

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionRequired

Summary

A privilege escalation vulnerability exists in Intel chipset software bundled with Hitachi Energy MACH PS700 v2 System. Successful exploitation requires local access to an engineering workstation and low-level user privileges. An attacker could escalate privileges to administrative level and execute arbitrary commands, potentially gaining control over power system configuration and operation. The vulnerability has high attack complexity and is not remotely exploitable. Hitachi Energy has indicated no firmware patch is planned for this product; mitigation relies on patch scripts and network isolation.

What this means

What could happen

An attacker with local access to a MACH PS700 v2 workstation could escalate privileges and run commands with elevated rights, potentially altering generator setpoints, control logic, or operational parameters critical to power system stability.

Who's at risk

Energy sector organizations operating Hitachi Energy MACH PS700 v2 generator excitation systems and power management software should care about this vulnerability. It affects engineering workstations and control system software used for power plant operations and grid stability.

How it could be exploited

An attacker must first gain local access to the MACH PS700 v2 workstation (e.g., via physical access, compromised user account, or malware delivered through email or USB). Once local, the attacker exploits a privilege escalation vulnerability in the Intel chipset software bundled with the system to gain administrative control, allowing arbitrary command execution and modification of power system configurations.

Prerequisites

Local access to MACH PS700 v2 workstation
Low-level user privileges (non-administrative account)
User interaction (triggering the vulnerable code path)
High attack complexity (specific conditions must align)

no patch availablerequires local access (reduces remote risk)high attack complexityprivilege escalation capabilityaffects power system control software

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

MACH PS700 v2 Systemv2No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

HARDENINGPhysically restrict access to MACH PS700 v2 engineering workstations; implement badge access or locking mechanisms in control rooms

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXApply patch scripts from Hitachi Energy PSIRT advisory 8DBD000208 to remove vulnerable Intel chipset software components (contact local Hitachi Energy account team for implementation guidance)

HARDENINGIsolate MACH PS700 v2 system networks from business/corporate networks using air-gapping or firewalls

HARDENINGDisable unnecessary local user accounts and enforce strong password policies on all MACH PS700 v2 workstations

Mitigations - no patch available

0/1

MACH PS700 v2 System has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement monitoring for privilege escalation attempts on MACH PS700 v2 systems and alert on suspicious account activity

CVEs (1)

CVE-2023-28388

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1129f48d-7529-45ba-af14-29d12bf2cef4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.