OTPulse

Hitachi Energy MACH GWS Products

Plan Patch | 9.9 | ICS-CERT ICSA-25-133-03 | May 13, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Hitachi Energy MACH GWS contains multiple vulnerabilities that allow code injection, arbitrary file read/modification, user session hijacking, and unauthenticated access to system ports. Successful exploitation by a local attacker could enable unauthorized modification of gateway configurations, access to connected backend systems, and disruption of energy data flow. The vulnerabilities affect versions 2.1.0.0 through 3.3.0.0 of MACH GWS.

What this means
What could happen
An attacker with local access could inject malicious code, read or modify critical files, hijack user sessions, and bypass authentication controls on MACH GWS systems, potentially allowing unauthorized manipulation of gateway operations or system shutdown.
Who's at risk
Energy sector organizations using Hitachi Energy MACH GWS gateways (versions 2.1.0.0 through 3.3.0.0) for data integration and network communication are affected. This includes utilities managing generation, transmission, and distribution systems that rely on MACH GWS for real-time data access and gateway operations between corporate and control network boundaries.
How it could be exploited
An attacker with local user-level access to a MACH GWS system can exploit these vulnerabilities to execute arbitrary code with elevated privileges. The attacker could use the compromised system to modify gateway configurations, intercept authenticated sessions, or access backend systems that the gateway connects to without requiring valid credentials.
Prerequisites
  • Local access to the MACH GWS system with non-administrative user credentials
  • Physical or logical access to a machine running an affected version of MACH GWS
  • Low complexity exploitation
  • Requires local access (reduces remote risk but increases insider threat concern)
  • Multiple vulnerability types (code injection, path traversal, session hijacking, authentication bypass)
  • Affects critical energy infrastructure
  • CVSS critical severity (9.9)
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product: MACH GWS
Affected Versions: ≥ 3.0.0.0|≤ 3.3.0.0; ≥ 2.2.0.0|≤ 2.4.0.0; 2.1.0.0; ≥ 3.1.0.0|≤ 3.3.0.0
Fix Status: 3.4.0.0
Remediation & Mitigation
Do now
HARDENING: Restrict local access to MACH GWS systems to authorized personnel only; implement physical access controls
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade MACH GWS versions 3.0.0.0 to 3.3.0.0 to version 3.4.0.0
HOTFIX: Apply hotfixes HF1 through HF6 sequentially to MACH GWS version 2.1.0.0
HOTFIX: Apply hotfixes HF3 through HF6 sequentially to MACH GWS versions 2.2.0.0 to 2.4.0.0
Long-term hardening
HARDENING: Ensure MACH GWS systems have no direct connections to the Internet and are separated from other networks by a firewall with minimal exposed ports
HARDENING: Implement strong password policies and enforce multi-factor authentication where supported for administrative access
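
The version-specific remediation paths listed above, applied to an asset inventory. This is an added example, not code from OTPulse, ICS-CERT or Hitachi Energy. The inventory rows, host names and CSV column names are constructed, and treating releases later than 3.4.0.0 as fixed is an assumption.

```python
import csv
import io

# Remediation paths as stated in the advisory (inclusive version ranges).
PATHS = [
    ((2, 1, 0, 0), (2, 1, 0, 0), "apply hotfixes HF1 through HF6 sequentially"),
    ((2, 2, 0, 0), (2, 4, 0, 0), "apply hotfixes HF3 through HF6 sequentially"),
    ((3, 0, 0, 0), (3, 3, 0, 0), "upgrade to 3.4.0.0"),
]
FIXED = (3, 4, 0, 0)  # fix version given in the advisory

# Constructed sample inventory; host names and column names are hypothetical.
INVENTORY = """host,mach_gws_version
gws-a,2.1.0.0
gws-c,3.2.0.0
gws-d,3.4.0.0
gws-e,2.10.0.0
gws-f,3.3
"""

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints so 2.10 sorts after 2.4."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def remediation_for(version_text):
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable version: verify manually"
    for low, high, action in PATHS:
        if low <= version <= high:
            return action
    if version >= FIXED:
        # Assumption: releases after 3.4.0.0 carry the same fixes.
        return "at or above fixed release 3.4.0.0"
    # Versions the advisory does not list are left for manual review.
    return "not listed in advisory: verify manually"

def triage(csv_text):
    """Map each host in the inventory CSV to its remediation path."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: remediation_for(row["mach_gws_version"]) for row in rows}

if __name__ == "__main__":
    for host, action in triage(INVENTORY).items():
        print(f"{host}: {action}")
```

Comparing versions as integer tuples rather than strings keeps a value such as 2.10.0.0 from being sorted into the 2.2.0.0 to 2.4.0.0 hotfix range.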