Hitachi Energy Relion 670, 650 Series and SAM600-IO Product
Act Now9.8ICS-CERT ICSA-25-155-02Jun 5, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Memory allocation vulnerability (BadAlloc) in Hitachi Energy Relion 670, Relion 650, and SAM-IO product lines affecting multiple firmware versions. The vulnerability allows memory corruption on affected devices through network access. Impacts versions: Relion 670 (1.1 to 2.2.5.1), Relion 650 (1.0 to 2.2.5.1), SAM-IO (2.2.1.0 to 2.2.5.1).
What this means
What could happen
An attacker could exploit memory corruption on your Relion or SAM-IO protection relays, potentially allowing them to manipulate the device's operation or cause it to malfunction, which could disrupt power distribution or substation automation functions.
Who's at risk
Operators of electrical utility substations and power distribution systems using Hitachi Energy Relion 670 or 650 series protection and automation relays, and those using SAM-IO I/O devices for substation control. This affects critical infrastructure in the energy sector where these relays provide protection and automation functions.
How it could be exploited
An attacker with network access to the device could send specially crafted packets that trigger a memory allocation vulnerability. This could corrupt the device's memory, allowing the attacker to influence the relay's decision-making or cause it to stop operating correctly.
Prerequisites
- Network access to the affected Relion or SAM-IO device (typically port-based, protocol not specified in advisory)
- Device running vulnerable firmware version
remotely exploitableno authentication requiredlow complexityaffects critical infrastructuremultiple firmware versions vulnerable
Exploitability
Moderate exploit probability (EPSS 2.1%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
Relion 670 series≥ 2.2.5.0, ≤ 2.2.5.1; ≥ 2.2.4.0, ≤ 2.2.4.2; ≥ 2.2.3.0, ≤ 2.2.3.4 and 3 more2.2.1.8 version or latest
Relion 650 series≥ 2.2.5.0, ≤ 2.2.5.1; ≥ 2.2.4.0, ≤ 2.2.4.2; ≥ 2.2.1.0, ≤ 2.2.1.7; ≥ 1.0, < 2.2.12.2.1.8 version or latest
SAM-IO series≥ 2.2.5.0, ≤ 2.2.5.12.2.5.2 version or latest
SAM-IO series≥ 2.2.1.0, ≤ 2.2.1.72.2.1.8 version or latest
Remediation & Mitigation
0/13
Do now
0/1WORKAROUNDUse VPN or other secure remote access methods if remote access to devices is required
Schedule — requires maintenance window
0/10Patching may require device reboot — plan for process interruption
Relion 670 series
HOTFIXUpdate Relion 670 series version 2.2.5 to 2.2.5.2 or later
HOTFIXUpdate Relion 670 series version 2.2.4 to 2.2.4.3 or later
HOTFIXUpdate Relion 670 series version 2.2.3 to 2.2.3.5 or later
HOTFIXUpdate Relion 670 series version 2.2.2 to 2.2.2.5 or later
HOTFIXUpdate Relion 670 series version 2.2.1 to 2.2.1.8 or later
Relion 650 series
HOTFIXUpdate Relion 650 series version 2.2.5 to 2.2.5.2 or later
HOTFIXUpdate Relion 650 series version 2.2.4 to 2.2.4.3 or later
HOTFIXUpdate Relion 650 series version 2.2.1 to 2.2.1.8 or later
SAM-IO series
HOTFIXUpdate SAM-IO series version 2.2.5 to 2.2.5.2 or later
HOTFIXUpdate SAM-IO series version 2.2.1 to 2.2.1.8 or later
Long-term hardening
0/2HARDENINGMinimize network exposure of relays and protection systems by restricting network access and ensuring devices are not reachable from the internet
HARDENINGPlace control system networks and remote devices behind firewalls and isolate them from business networks
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/04efda61-5d11-42ed-a5f5-31daf7a7c8e9