Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)

MonitorCVSS 6.5ICS-CERT ICSA-25-133-02May 13, 2025

Hitachi EnergyEnergy

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

CVE-2023-4518 is a denial-of-service vulnerability in Hitachi Energy Relion 670/650/SAM600-IO series devices. An attacker on the local network segment can send crafted packets to cause operational disruption of the affected device. The vulnerability affects multiple firmware versions across the Relion product line: version 2.0.0.0–2.0.0.13, 2.2.0.x, 2.2.2.0–2.2.2.5, 2.2.3.0–2.2.3.6, 2.1.0.0–2.1.0.5, 2.2.4.0–2.2.4.3, 2.2.1.0–2.2.1.8, and 2.2.5.0–2.2.5.5. Hitachi Energy has released patches for all affected versions.

What this means

What could happen

An attacker on the local network could disrupt the operation of Relion 670/650/SAM600-IO series devices, potentially causing operational interruptions to substations, generation controls, or protection relays depending on the specific deployment.

Who's at risk

This vulnerability affects Hitachi Energy Relion 670, 650, and SAM600-IO series devices used in electrical substations, generation facilities, and protection relay applications. Energy utilities operating these devices in protection, control, or monitoring roles should prioritize assessment and patching.

How it could be exploited

An attacker with network access to the affected device on the local network (AV:A) can send specially crafted packets to trigger a denial-of-service condition, causing the device to become unavailable without requiring credentials or user interaction.

Prerequisites

Network access to the affected device from an adjacent network segment (AV:A, not internet-accessible)
No authentication required
No special configuration needed—vulnerability is present in affected versions by default

Local network access required (not internet-exploitable)No authentication requiredLow attack complexityAvailability impact only (denial-of-service)Affects critical grid control equipment

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (5)

5 with fix

ProductAffected VersionsFix Status

Relion 670 series≥ 2.0.0.0, ≤ 2.0.0.13vers:2.2.0/*≥ 2.2.2.0, < 2.2.2.6≥ 2.2.3.0, < 2.2.3.72.2.3.7

Relion 670/650 series650/≥ 2.1.0.0, ≤ 2.1.0.52.1.0.6

Relion 670/650 series650/≥ 2.2.4.0, < 2.2.4.42.2.4.4

Relion 670/650/SAM600-IO series650/SAM600-IO/≥ 2.2.1.0, ≤ 2.2.1.82.2.1.9

Relion 670/650/SAM600-IO series650/SAM600-IO/≥ 2.2.5.0, < 2.2.5.62.2.5.6

Remediation & Mitigation

0/8

Do now

0/1

WORKAROUNDRestrict network access to Relion devices by implementing firewall rules to limit Layer 2 traffic from untrusted network segments

Schedule — requires maintenance window

0/7

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Relion 670 to version 2.0.0.14 or later

HOTFIXUpdate Relion 650 to version 2.1.0.6 or later

HOTFIXUpdate Relion 650 to version 2.2.4.4 or later

HOTFIXUpdate Relion 650/SAM600-IO to version 2.2.1.9 or later

HOTFIXUpdate Relion to version 2.2.2.6 or later

HOTFIXUpdate Relion to version 2.2.3.7 or later

HOTFIXUpdate Relion 650/SAM600-IO to version 2.2.5.6 or later

CVEs (1)

CVE-2023-4518

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/07ee92e4-4518-4723-bf59-541c2daf888c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.