Hitachi Energy MACH GWS Products

Plan: Patch
CVSS: 9.9
ICS-CERT: ICSA-25-133-03
Date: May 13, 2025
Vendor: Hitachi Energy
Sector: Energy
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Hitachi Energy MACH GWS contains multiple vulnerabilities in versions 2.1.0.0 through 3.3.0.0 that allow code injection (CWE-943), path traversal (CWE-22), session hijacking (CWE-294), and authentication bypass (CWE-306). Successful exploitation by an attacker with local access could result in arbitrary code execution, unauthorized file access or modification, hijacked user sessions, or access to unauthenticated ports. This affects gateway systems that bridge control networks and IT networks in energy transmission and distribution operations.

What this means
What could happen
An attacker with local access to a MACH GWS system could inject malicious code, read or modify critical configuration files, or hijack authenticated user sessions to take control of gateway operations and alter process setpoints or communications.
Who's at risk
Energy sector organizations operating Hitachi Energy MACH GWS gateway solutions should prioritize this update. MACH GWS is a gateway management system used in power transmission and distribution environments to integrate legacy and modern control systems. All versions 2.1.0.0 through 3.3.0.0 are affected.
How it could be exploited
An attacker must first gain local access to the MACH GWS system (physical access or via a compromised IT system on the same network). Once local, the attacker can exploit the code injection (CWE-943), path traversal (CWE-22), session hijacking (CWE-294), or authentication bypass (CWE-306) vulnerabilities to execute arbitrary code or access restricted files without requiring additional credentials.
Prerequisites
  • Local access to the MACH GWS system (physical or via compromised network host)
  • Low privilege user account or physical access to the device
  • Affected software versions 2.1.0.0 through 3.3.0.0
Tags
  • low complexity exploitation
  • low privilege required
  • affects critical energy infrastructure
  • code injection possible
  • authentication bypass possible
  • no active public exploitation reported
Exploitability
Unlikely to be exploited — EPSS score 0.7%
Affected products (1)
Product  | Affected Versions                                                                              | Fix Status
MACH GWS | ≥ 3.0.0.0 and ≤ 3.3.0.0; ≥ 2.2.0.0 and ≤ 2.4.0.0; 2.1.0.0; ≥ 3.1.0.0 and ≤ 3.3.0.0              | 3.4.0.0
Remediation & Mitigation
Do now
HARDENING: Restrict local access to MACH GWS systems to authorized personnel only via physical access controls and network segmentation
HARDENING: Implement firewall rules to limit network access to MACH GWS systems from trusted networks only, restricting unnecessary exposed ports
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update MACH GWS versions 3.0.0.0 to 3.3.0.0 to version 3.4.0.0
HOTFIX: For MACH GWS version 2.1.0.0, apply hotfixes HF1 through HF6 sequentially
HOTFIX: For MACH GWS versions 2.2.0.0 to 2.4.0.0, apply hotfixes HF3 through HF6 sequentially
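The three hotfix steps above depend on which branch a given gateway runs, and the 2.x branches are only remediated once every listed hotfix is in place. The following script is an added example (not Hitachi Energy's or ICS-CERT's code) that triages an asset inventory against those ranges and reports the outstanding action per host. It assumes version strings are dotted numerics such as "3.2.0.0" and that applied hotfixes are recorded by the names HF1 through HF6 used in the advisory; the inventory layout and host names are constructed for the example.

```python
"""
Added example: triage MACH GWS hosts against the affected ranges and
remediation steps of ICSA-25-133-03. Not vendor or ICS-CERT code.
Assumptions: dotted numeric version strings; applied hotfixes recorded
as the advisory's names "HF1".."HF6"; inventory tuples are constructed.
"""
from dataclasses import dataclass, field

Version = tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'A.B.C.D' into a 4-tuple of ints so ranges compare numerically.
    Plain string comparison would wrongly rank '3.10.0.0' below '3.3.0.0'."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MACH GWS version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return (nums[0], nums[1], nums[2], nums[3])


# Remediation table from the advisory: inclusive range -> required action.
# 3.x is fixed by upgrading; 2.x branches are fixed once every listed
# hotfix has been applied (in the order the advisory gives).
REMEDIATION = [
    # (low, high, target version, required hotfixes)
    ("2.1.0.0", "2.1.0.0", None, ["HF1", "HF2", "HF3", "HF4", "HF5", "HF6"]),
    ("2.2.0.0", "2.4.0.0", None, ["HF3", "HF4", "HF5", "HF6"]),
    ("3.0.0.0", "3.3.0.0", "3.4.0.0", []),
]


@dataclass
class Finding:
    host: str
    version: str
    affected: bool
    action: str
    missing_hotfixes: list[str] = field(default_factory=list)


def triage_host(host: str, version: str, applied_hotfixes=()) -> Finding:
    """Return the remediation still outstanding for one gateway."""
    v = parse_version(version)
    applied = set(applied_hotfixes)
    for low, high, target, hotfixes in REMEDIATION:
        if parse_version(low) <= v <= parse_version(high):
            if target:
                return Finding(host, version, True, f"update to {target}")
            missing = [h for h in hotfixes if h not in applied]
            if not missing:
                return Finding(host, version, False,
                               "no action: required hotfixes already applied")
            return Finding(host, version, True,
                           "apply hotfixes sequentially: " + ", ".join(missing),
                           missing)
    return Finding(host, version, False, "not in an affected range")


def triage_inventory(inventory):
    """inventory: iterable of (host, version, applied_hotfixes) tuples."""
    return [triage_host(h, v, hf) for h, v, hf in inventory]


# Constructed sample inventory (hypothetical host names, not real assets).
SAMPLE_INVENTORY = [
    ("gws-sub-a", "3.2.0.0", ()),
    ("gws-sub-b", "2.1.0.0", ("HF1", "HF2")),
    ("gws-sub-c", "2.3.0.0", ("HF3", "HF4", "HF5", "HF6")),
    ("gws-sub-d", "3.4.0.0", ()),
]

if __name__ == "__main__":
    for f in triage_inventory(SAMPLE_INVENTORY):
        flag = "AFFECTED " if f.affected else "ok       "
        print(f"{flag}{f.host:12}{f.version:10}{f.action}")
```

The version parser pads short strings to four components and compares tuples rather than strings, which matters once a branch passes a single-digit component. A host is only reported as clean when it is outside every affected range or, for the 2.x branches, when all the hotfixes the advisory names for its range are recorded as applied; a partially patched 2.1.0.0 host is listed with the hotfixes it still lacks.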
API: /api/v1/advisories/5c7e2f44-256e-4b11-ade6-83ac8b3c6aa5
