Hitachi Energy MicroSCADA X SYS600

Plan PatchCVSS 7.3ICS-CERT ICSA-25-184-02Jul 3, 2025

Hitachi EnergyEnergy

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 versions 10.0 through 10.6 allow local attackers to tamper with system files, overwrite files, create denial-of-service conditions, or leak file content. The vulnerabilities involve improper handling of file permissions and validation (CWE-276, CWE-73, CWE-354, CWE-202, CWE-295). Five distinct CVEs have been identified: CVE-2025-39201, CVE-2025-39202, CVE-2025-39203, CVE-2025-39204, and CVE-2025-39205.

What this means

What could happen

An attacker with local access could overwrite system files, cause a denial-of-service condition, or leak sensitive file content from the MicroSCADA X SYS600 server, potentially disrupting energy management and control operations.

Who's at risk

Energy utilities, power generators, and grid operators running Hitachi Energy MicroSCADA X SYS600 versions 10.0 through 10.6 for SCADA control and monitoring systems are affected.

How it could be exploited

An attacker with local access to the SYS600 server could exploit file handling vulnerabilities to overwrite or read files without proper authorization, potentially modifying critical system configuration or operational data.

Prerequisites

Local access to the MicroSCADA X SYS600 server
Low-level user account or process privileges

affects SCADA/energy control systemslocal access required but low complexity attackallows file tampering and denial-of-servicemultiple related vulnerabilities (five CVEs)

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Hitachi Energy MicroSCADA Pro/X SYS600: >=10.0|<10.6≥ 10.0|<10.610.7

Hitachi Energy MicroSCADA Pro/X SYS600: >=10.5|<10.6≥ 10.5|<10.610.7

Hitachi Energy MicroSCADA Pro/X SYS600: >=10.3|<10.6≥ 10.3|<10.610.7

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict local access to MicroSCADA X SYS600 servers to authorized engineering and operations personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Hitachi Energy MicroSCADA X SYS600 to version 10.7 or later

Long-term hardening

0/2

HARDENINGIsolate MicroSCADA X SYS600 servers from business networks using firewalls and network segmentation

HARDENINGImplement file integrity monitoring on MicroSCADA X SYS600 systems to detect unauthorized file modifications

CVEs (5)

CVE-2025-39201 CVE-2025-39202 CVE-2025-39204 CVE-2025-39205 CVE-2025-39203

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e3f2e523-23f3-4768-82ff-2cbb3db44414

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.