OTPulse
FeedAboutContact

Hitachi Energy MSM

Monitor6.1ICS-CERT ICSA-25-182-07Jul 1, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

A cross-site scripting (XSS) vulnerability in Hitachi Energy MSM 2.2.9 allows attackers to execute untrusted code in the application context. The vulnerability is present in jQuery functionality used by the MSM product. Successful exploitation could lead to unauthorized actions or system compromise through client-side code injection.

What this means
What could happen
An attacker could inject malicious scripts into MSM that execute in an operator's browser, potentially stealing session tokens, manipulating displayed data, or redirecting operators to malicious sites that compromise their credentials or plant workstations.
Who's at risk
Energy sector operators relying on Hitachi Energy MSM (Meter Scoping Management or similar management/monitoring software) for system monitoring or configuration are affected. This includes utilities using MSM for SCADA or power management integration where operator workstations access the web interface.
How it could be exploited
An attacker sends a crafted URL or injects malicious input into a searchable or user-input field in MSM. When an operator clicks the link or the input is displayed, the injected JavaScript executes in their browser with their privileges, allowing the attacker to interact with MSM or steal session information to access the system remotely.
Prerequisites
  • User interaction required—an operator must click a malicious link or view a page containing injected input
  • Network access to the MSM web interface (typically port 80 or 443)
  • No authentication required to craft the malicious payload, but the operator viewing it must be authenticated to MSM
remotely exploitablelow complexityuser interaction requiredno patch availableaffects management/control interface
Exploitability
Moderate exploit probability (EPSS 3.3%)
Affected products (1)
ProductAffected VersionsFix Status
MSM 2.2.9≤ 2.2.9No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/3
HARDENINGIsolate MSM instances behind a firewall; do not expose the web interface to the internet or untrusted business networks
HARDENINGImplement network segmentation so MSM is accessible only from authorized operator workstations and engineering networks
WORKAROUNDUse a VPN for any remote access to MSM; ensure the VPN is kept current with the latest security updates
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

WORKAROUNDMonitor MSM logs for suspicious input attempts or access patterns that may indicate XSS attacks
HOTFIXTrack Hitachi Energy PSIRT advisory 8DBD000219 and Hitachi Energy security announcements for patches or a newer version of MSM
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/dff7cfac-41c4-417a-863b-d43510487de7
Hitachi Energy MSM | CVSS 6.1 - OTPulse