Hitachi Energy Relion 670, 650 Series and SAM600-IO Product

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-155-02 | Apr 11, 2023
Siemens, Hitachi Energy, Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Memory allocation vulnerability (BadAlloc) in Hitachi Energy Relion 670, Relion 650, and SAM-IO product lines affecting multiple firmware versions. The vulnerability allows memory corruption on affected devices through network access. Impacts versions: Relion 670 (1.1 to 2.2.5.1), Relion 650 (1.0 to 2.2.5.1), SAM-IO (2.2.1.0 to 2.2.5.1).

What this means
What could happen
An attacker could exploit memory corruption on your Relion or SAM-IO protection relays, potentially allowing them to manipulate the device's operation or cause it to malfunction, which could disrupt power distribution or substation automation functions.
Who's at risk
Operators of electrical utility substations and power distribution systems using Hitachi Energy Relion 670 or 650 series protection and automation relays, and those using SAM-IO I/O devices for substation control. This affects critical infrastructure in the energy sector where these relays provide protection and automation functions.
How it could be exploited
An attacker with network access to the device could send specially crafted packets that trigger a memory allocation vulnerability. This could corrupt the device's memory, allowing the attacker to influence the relay's decision-making or cause it to stop operating correctly.
Prerequisites
  • Network access to the affected Relion or SAM-IO device (typically port-based, protocol not specified in advisory)
  • Device running vulnerable firmware version
remotely exploitable, no authentication required, low complexity, affects critical infrastructure, multiple firmware versions vulnerable
Exploitability
Some exploitation risk — EPSS score 1.3%
Affected products (85)
34 with fix, 51 pending
Product | Affected Versions | Fix Status
SCALANCE XR324-4M EEC (2x 24V, ports on front) | All versions | No fix yet
SCALANCE XR324-4M EEC (2x 24V, ports on rear) | All versions | No fix yet
SCALANCE XR324-4M PoE (230V, ports on front) | All versions | No fix yet
SCALANCE XR324-4M PoE (230V, ports on rear) | All versions | No fix yet
SCALANCE XR324-4M PoE (24V, ports on front) | All versions | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Use VPN or other secure remote access methods if remote access to devices is required
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Relion 670 series
HOTFIX: Update Relion 670 series version 2.2.5 to 2.2.5.2 or later
HOTFIX: Update Relion 670 series version 2.2.4 to 2.2.4.3 or later
HOTFIX: Update Relion 670 series version 2.2.3 to 2.2.3.5 or later
HOTFIX: Update Relion 670 series version 2.2.2 to 2.2.2.5 or later
HOTFIX: Update Relion 670 series version 2.2.1 to 2.2.1.8 or later
Relion 650 series
HOTFIX: Update Relion 650 series version 2.2.5 to 2.2.5.2 or later
HOTFIX: Update Relion 650 series version 2.2.4 to 2.2.4.3 or later
HOTFIX: Update Relion 650 series version 2.2.1 to 2.2.1.8 or later
SAM-IO series
HOTFIX: Update SAM-IO series version 2.2.5 to 2.2.5.2 or later
HOTFIX: Update SAM-IO series version 2.2.1 to 2.2.1.8 or later
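
Each firmware branch has its own fixed build, so a plain range test against the Summary's affected versions would flag units that are already patched. The following is an added example (not part of the advisory or any vendor tool) that triages an inventory against the ranges and hotfix targets listed above; the asset names, sample inventory and status labels are assumptions.

```python
# Added example, not from the advisory or the vendor.
# Affected ranges from the Summary, inclusive (low, high).
AFFECTED = {
    "Relion 670": ("1.1", "2.2.5.1"),
    "Relion 650": ("1.0", "2.2.5.1"),
    "SAM-IO": ("2.2.1.0", "2.2.5.1"),
}
# First fixed version per firmware branch, from the hotfix list.
HOTFIX = {
    "Relion 670": {"2.2.5": "2.2.5.2", "2.2.4": "2.2.4.3", "2.2.3": "2.2.3.5",
                   "2.2.2": "2.2.2.5", "2.2.1": "2.2.1.8"},
    "Relion 650": {"2.2.5": "2.2.5.2", "2.2.4": "2.2.4.3", "2.2.1": "2.2.1.8"},
    "SAM-IO": {"2.2.5": "2.2.5.2", "2.2.1": "2.2.1.8"},
}


def key(version, width=4):
    """Turn '2.2.1' into (2, 2, 1, 0) so versions compare numerically."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def triage(product, version):
    """Return (status, hotfix_target) for one inventory entry."""
    if product not in AFFECTED:
        return ("not-covered", None)
    v = key(version)
    branch = ".".join(str(n) for n in v[:3])
    target = HOTFIX[product].get(branch)
    # Check the branch fix first: 2.2.1.8 is patched yet still sorts below
    # the 2.2.5.1 upper bound, so a plain range test would flag it.
    if target and v >= key(target):
        return ("fixed", None)
    low, high = (key(x) for x in AFFECTED[product])
    if not low <= v <= high:
        return ("outside-affected-range", None)
    if target:
        return ("update", target)
    # In range, but the page lists no hotfix for this branch.
    return ("affected-no-hotfix-listed", None)


# Constructed sample inventory (hypothetical asset names).
INVENTORY = [("relay-a", "Relion 670", "2.2.1.8"), ("relay-b", "Relion 650", "2.2.4.1"),
             ("io-c", "SAM-IO", "2.2.3.2"), ("relay-d", "Relion 670", "1.1")]

if __name__ == "__main__":
    for name, product, version in INVENTORY:
        print(name, product, version, *triage(product, version))
```

Entries reported as affected-no-hotfix-listed are inside an affected range but on a branch for which this page names no fixed build, so they need a separate decision.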
Long-term hardening
HARDENING: Minimize network exposure of relays and protection systems by restricting network access and ensuring devices are not reachable from the internet
HARDENING: Place control system networks and remote devices behind firewalls and isolate them from business networks
API: /api/v1/advisories/04efda61-5d11-42ed-a5f5-31daf7a7c8e9
