Hitachi Energy Asset Suite
Act Now · 8.8 · ICS-CERT ICSA-25-261-04 · Sep 18, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Asset Suite versions 9.6.4.5 and earlier contain multiple vulnerabilities in bundled open-source libraries including Apache XML Graphics Batik (CWE-918 SSRF), logback (CWE-400 DoS via poisoned data), H2 Database Engine (CWE-312 cleartext password storage), Apache CXF (file system exhaustion), UriComponentsBuilder (CWE-601 open redirect and SSRF), and Apache ActiveMQ (CWE-502 arbitrary code execution). These vulnerabilities could allow attackers to leak sensitive information, cause service disruption, or execute commands on the Asset Suite application server. No public exploitation has been reported as of the advisory date.
What this means
What could happen
An attacker could read sensitive files and passwords stored in cleartext, trigger denial-of-service conditions that consume CPU and memory or fill the file system, or in some cases execute arbitrary code on the Asset Suite application server. This could disrupt energy asset management functions and prevent operators from accessing critical configuration and monitoring systems.
Who's at risk
Energy utilities and industrial facilities operating Hitachi Energy Asset Suite versions 9.6.4.5 or earlier should prioritize this issue. Asset Suite is a critical management platform for asset monitoring and configuration; compromise could disrupt visibility and control over energy infrastructure equipment including power generation, transmission, and distribution systems.
How it could be exploited
An attacker with local access or the ability to interact with the Asset Suite user interface (via phishing or social engineering) could craft malicious input or trigger resource consumption through the vulnerable open-source libraries (Batik, logback, H2 Database, CXF, ActiveMQ). Some vulnerabilities may be exploited remotely through SSRF or open redirect if Asset Suite is exposed to untrusted networks.
Prerequisites
- Local or user-interaction access to Asset Suite application
- Network access to Asset Suite if vulnerabilities are remotely exploitable (SSRF, open redirect, or ActiveMQ)
- Asset Suite version 9.6.4.5 or earlier
Risk factors
- High EPSS score (82.2%)
- Multiple attack vectors (SSRF, DoS, code execution, open redirect)
- Cleartext password disclosure
- Local and remote exploitation possible
- Affects safety/operational visibility systems
Exploitability
High exploit probability (EPSS 82.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Asset Suite | ≤ 9.6.4.5 | 9.7
Remediation & Mitigation
Do now
- WORKAROUND: Apply general mitigation factors for CVE-2022-44729, CVE-2023-6378, CVE-2022-45868, CVE-2025-23184, CVE-2024-22262 as documented in Hitachi Energy PSIRT advisory 8DBD000221
- HARDENING: Minimize network exposure: ensure Asset Suite is not directly accessible from the internet
- HARDENING: Restrict user interaction with Asset Suite to authenticated users on trusted networks only
- WORKAROUND: Monitor for suspicious file system consumption and resource spikes that may indicate DoS exploitation
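The monitoring workaround above can be implemented as a rate-of-change check on filesystem usage rather than a static "disk above 90%" threshold, because the file-system-exhaustion and poisoned-data DoS classes named in this advisory show up first as an abnormal growth rate. The following is an added example, not Hitachi Energy's code or part of the advisory; it assumes usage samples are collected periodically from `df -B1` on the Asset Suite server, embeds constructed snapshots inline in place of a real collector, and uses placeholder thresholds (5 MB/s growth, or under one hour until full) that must be tuned per site.

```python
"""Rate-based filesystem-exhaustion detector (constructed example, not vendor code).

Samples are (unix_time, used_bytes) pairs that a cron job could derive from
`df -B1` on the Asset Suite host; the snapshots below are constructed inline.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass
class SpikeAlert:
    start: int                         # unix time of the earlier sample
    end: int                           # unix time of the later sample
    rate_bytes_per_s: float            # observed growth between the two samples
    seconds_to_full: Optional[float]   # projected time until capacity; None if not growing


def parse_df_line(line: str) -> Tuple[int, int]:
    """Parse one data line of `df -B1` output (assumed layout:
    filesystem, size, used, avail, use%, mountpoint). Returns (size, used)."""
    fields = line.split()
    if len(fields) < 6:
        raise ValueError(f"unexpected df line: {line!r}")
    return int(fields[1]), int(fields[2])


def detect_spikes(samples: Iterable[Tuple[int, int]], capacity_bytes: int,
                  rate_threshold: float = 5_000_000,
                  time_to_full_s: float = 3600) -> List[SpikeAlert]:
    """Flag any interval between consecutive samples whose growth rate exceeds
    rate_threshold bytes/s, or whose projected time-to-full is under
    time_to_full_s. Shrinking or flat usage never alerts."""
    alerts: List[SpikeAlert] = []
    ordered = sorted(samples)
    for (t0, u0), (t1, u1) in zip(ordered, ordered[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # duplicate timestamps carry no rate information
        rate = (u1 - u0) / dt
        ttf = (capacity_bytes - u1) / rate if rate > 0 else None
        if rate > rate_threshold or (ttf is not None and ttf < time_to_full_s):
            alerts.append(SpikeAlert(t0, t1, rate, ttf))
    return alerts


# Constructed df snapshots one minute apart: slow baseline growth, then three
# minutes of ~600 MB/min consumption, then back to baseline.
DF_SNAPSHOTS = [
    (1700000000, "/dev/sda2 10000000000 5000000000 5000000000 50% /var/lib/assetsuite"),
    (1700000060, "/dev/sda2 10000000000 5001000000 4999000000 50% /var/lib/assetsuite"),
    (1700000120, "/dev/sda2 10000000000 5002000000 4998000000 50% /var/lib/assetsuite"),
    (1700000180, "/dev/sda2 10000000000 5602000000 4398000000 56% /var/lib/assetsuite"),
    (1700000240, "/dev/sda2 10000000000 6202000000 3798000000 62% /var/lib/assetsuite"),
    (1700000300, "/dev/sda2 10000000000 6800000000 3200000000 68% /var/lib/assetsuite"),
    (1700000360, "/dev/sda2 10000000000 6801000000 3199000000 68% /var/lib/assetsuite"),
]


def alerts_from_snapshots(snapshots=DF_SNAPSHOTS) -> List[SpikeAlert]:
    """Turn timestamped df lines into samples and run the detector over them."""
    capacity = 0
    samples = []
    for ts, line in snapshots:
        size, used = parse_df_line(line)
        capacity = size  # same filesystem in every snapshot
        samples.append((ts, used))
    return detect_spikes(samples, capacity)


if __name__ == "__main__":
    for a in alerts_from_snapshots():
        ttf = f"{a.seconds_to_full:.0f}s to full" if a.seconds_to_full is not None else "not growing"
        print(f"ALERT {a.start}-{a.end}: {a.rate_bytes_per_s / 1e6:.1f} MB/s, {ttf}")
```

Running the block flags only the three one-minute intervals in which usage jumped by roughly 600 MB; the baseline minutes, with about 17 KB/s growth and days until full, stay silent. Feeding the same function memory or CPU-time counters instead of disk usage gives the "resource spikes" half of the workaround with no code changes.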
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Asset Suite to version 9.7 or later
Long-term hardening
- HARDENING: Isolate Asset Suite behind a firewall and separate it from business networks if possible
API: /api/v1/advisories/c0f5583f-b3aa-4b69-a845-108f0b78d9d1