Hitachi Energy TRMTracker

CVSS 6.9 | ICS-CERT ICSA-25-093-02 | Apr 3, 2025
Vendor: Hitachi Energy | Sector: Energy
Summary

Multiple vulnerabilities in Hitachi Energy TRMTracker (CWE-90 LDAP injection, CWE-74 command injection, CWE-79 cross-site scripting) allow an attacker to execute limited remote commands, poison web cache, or disclose and modify sensitive information. Affected versions: TRMTracker 6.2.04 and earlier, and versions 6.3.0/6.3.01.

What this means
What could happen
An attacker could execute limited remote commands on TRMTracker, potentially altering energy transaction data or modifying process settings, or could poison web caches and steal sensitive information used in energy trading operations.
Who's at risk
Energy companies and utilities operating Hitachi Energy TRMTracker for energy transaction and trading management, particularly those running versions 6.2.04 or earlier, or versions 6.3.0/6.3.01. This affects energy market operators, traders, and system administrators responsible for trading infrastructure.
How it could be exploited
An attacker with network access to the TRMTracker web interface could exploit command injection, LDAP injection, or cross-site scripting vulnerabilities to inject malicious payloads. These could be used to run commands on the server, manipulate web cache content, or extract and modify trading-related data stored in the application.
Prerequisites
  • Network access to TRMTracker web interface (typically port 80/443)
  • Vulnerable TRMTracker version (6.2.04 or earlier, or 6.3.0/6.3.01)
Tags: remotely exploitable · affects business-critical trading operations · command injection and data manipulation possible
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (2)
2 with fix
Product      Affected versions    Fix status
TRMTracker   ≤ 6.2.04             6.2.04.014, or update to version 6.3.02
TRMTracker   6.3.0, 6.3.01        6.3.02
Remediation & Mitigation
Do now
TRMTracker
WORKAROUND: Restrict network access to the TRMTracker web interface to authorized IP addresses only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

TRMTracker
HOTFIX: Update TRMTracker v6.2.04 and below to v6.2.04.014 or v6.3.02
HOTFIX: Update TRMTracker v6.3.0 or v6.3.01 to v6.3.02
Long-term hardening
TRMTracker
HARDENING: Isolate TRMTracker on a dedicated network segment, with firewall protection from direct internet access
HARDENING: Enforce strong password policies and restrict administrative access to TRMTracker
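The "Do now" workaround (restrict the web interface to authorized addresses) and the long-term hardening item (segment TRMTracker behind a firewall) both come down to an allow-list on TCP 80/443. The script below is an added example, not part of the OTPulse advisory or any Hitachi Energy guidance: it generates an nftables ruleset that accepts the web ports only from listed client networks and logs and drops everything else. It assumes a Linux host (the TRMTracker server itself or a firewall in front of it) with `nft` available; the server address 192.0.2.10 and the client networks 198.51.100.0/24 and 203.0.113.5 are constructed placeholders to be replaced with your own.

```shell
#!/bin/sh
# Added example (not from the advisory or the vendor): emit an nftables
# ruleset that allows TCP 80/443 to the TRMTracker web interface only from an
# allow-list of client networks and drops (with logging) all other sources.
# Assumption: loaded with `nft -f` on a Linux host in the path to TRMTracker.

TRM_HOST="192.0.2.10"                           # placeholder: TRMTracker server address
ALLOWED_SOURCES="198.51.100.0/24 203.0.113.5"   # placeholder: authorized trading/admin clients

# gen_trmtracker_ruleset SERVER_IP SOURCE [SOURCE...]
# Prints the ruleset text on stdout; nothing is applied to the kernel here.
gen_trmtracker_ruleset() {
    server="$1"
    shift
    printf 'table inet trmtracker_acl {\n'
    printf '    set allowed_clients {\n'
    printf '        type ipv4_addr\n'
    printf '        flags interval\n'        # allows CIDR ranges as elements
    printf '        elements = { '
    first=1
    for src in "$@"; do
        if [ "$first" -eq 1 ]; then first=0; else printf ', '; fi
        printf '%s' "$src"
    done
    printf ' }\n'
    printf '    }\n'
    printf '    chain input {\n'
    printf '        type filter hook input priority 0; policy accept;\n'
    # Accept the web ports only from the allow-list set.
    printf '        ip daddr %s tcp dport { 80, 443 } ip saddr @allowed_clients accept\n' "$server"
    # Everything else aimed at the web ports is counted, logged and dropped,
    # which also gives a detection signal for unexpected access attempts.
    printf '        ip daddr %s tcp dport { 80, 443 } counter log prefix "trmtracker-denied " drop\n' "$server"
    printf '    }\n'
    printf '}\n'
}

# count_rules RULESET_TEXT: number of rules touching the web ports (expect 2:
# one accept, one drop). A quick sanity check before loading the file.
count_rules() {
    printf '%s\n' "$1" | grep -c 'tcp dport'
}

# Usage: write the ruleset, syntax-check it, then load it.
#   gen_trmtracker_ruleset "$TRM_HOST" $ALLOWED_SOURCES > trmtracker-acl.nft
#   nft -c -f trmtracker-acl.nft   # check only
#   nft -f trmtracker-acl.nft      # apply
gen_trmtracker_ruleset "$TRM_HOST" $ALLOWED_SOURCES
```

Before loading, confirm that the address you administer the host from is inside the allow-list, otherwise the drop rule locks you out of the web interface; `nft -c -f` checks syntax without touching the running ruleset. The logged drops (prefix `trmtracker-denied`) are worth forwarding to your SIEM, since any hit from an unexpected source is exactly the traffic this advisory is concerned with.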
API: /api/v1/advisories/7b598e5f-0640-4d67-bf55-4b041cc265f5

Hitachi Energy TRMTracker | CVSS 6.9 - OTPulse