All news with #hitachi energy tag

CISA Releases Four Industrial Control Systems Advisories

🔔 CISA released four Industrial Control Systems (ICS) advisories covering Advantech DeviceOn iEdge, Ubia Ubox, ABB FLXeon Controllers, and an update for Hitachi Energy Asset Suite. Each advisory provides technical details on identified vulnerabilities and recommended mitigations. Users and administrators are urged to review the advisories and apply mitigations promptly.

Hitachi Energy TropOS Command Injection and Privilege Issues

⚠️ Hitachi Energy's TropOS wireless devices contain multiple vulnerabilities — including OS command injection and improper privilege management — that can be exploited remotely by authenticated users to obtain root access. Affected 4th Gen firmware versions up to 8.9.6.0 are vulnerable (CVE-2025-1036, CVE-2025-1037, CVE-2025-1038); CVSS v4 scores reach 8.7. Hitachi Energy advises immediate update to version 8.9.7.0, and CISA recommends isolating devices, minimizing network exposure, and following ICS security best practices.

CISA Releases Two ICS Advisories on ISO 15118-2 and TropOS

🛡️ CISA released two Industrial Control Systems advisories addressing the International Standards Organization ISO 15118-2 standard and Hitachi Energy TropOS. The advisories provide timely information on security issues, vulnerabilities, and potential exploits affecting ICS components. Administrators and operators are urged to review the advisories for technical details and recommended mitigations to protect operational environments.

CISA Issues Eight New Industrial Control Systems Advisories

🔔 CISA released eight Industrial Control Systems advisories addressing vulnerabilities and updates across multiple vendors and products, including AutomationDirect, ASKI Energy, Veeder-Root, Delta Electronics, NIHON KOHDEN, Schneider Electric, and Hitachi Energy. The notices cover new findings and several updates (for example, Update A and Update C) and list ICSA/ICSMA identifiers for each advisory. Administrators and asset owners should review the technical details, apply available patches or vendor mitigations, and reinforce network segmentation, access controls, and monitoring to reduce exposure.

Hitachi Energy MACH GWS Vulnerabilities — Patch Alert

⚠️ Hitachi Energy reported three vulnerabilities in MACH GWS (versions 3.0.0.0–3.4.0.0) that could enable local tampering, denial-of-service via IEC 61850 message handling, or remote man-in-the-middle attacks. The issues are categorized as Incorrect Default Permissions, Improper Validation of Integrity Check Value, and Improper Certificate Validation and carry CVSS v4 scores up to 7.1. Hitachi Energy recommends updating to MACH GWS 3.5 immediately and following deployment guidance such as network segregation, minimal exposed ports, scanning removable media, and enforcing strong password policies. CISA notes no known public exploitation at this time.

CISA Issues Thirteen ICS Advisories on October 16, 2025

🔔 CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025, providing details on vulnerabilities and mitigations affecting multiple vendors. The advisories cover products from Rockwell Automation (FactoryTalk View Machine Edition, Linx, ViewPoint, ArmorStart AOP), Siemens (Solid Edge, SiPass Integrated, SIMATIC ET 200SP Communication Processors, SINEC NMS, TeleControl Server Basic, HyperLynx and Industrial Edge App Publisher), Hitachi Energy (MACH GWS), and updates for Schneider Electric and Delta Electronics. Administrators and operators are urged to review the technical details and apply recommended mitigations to reduce exposure and maintain operational continuity.

Hitachi Energy Asset Suite Log Injection Vulnerability

⚠️A vulnerability in Hitachi Energy Asset Suite (versions 9.7 and prior) permits an authenticated user to manipulate or inject performance log entries (CWE-117). Tracked as CVE-2025-10217, it has a CVSS v3.1 base score of 6.5 and CVSS v4 base score of 6.0; exploitation could enable further malicious actions by corrupting logs. Hitachi Energy recommends disabling performance logging and applying updates when available, while CISA advises network segmentation, firewall protections, and secure remote access to minimize exposure.

CISA Publishes Four ICS Advisories on October 9, 2025

🔔 CISA released four Industrial Control Systems (ICS) Advisories on October 9, 2025, covering vulnerabilities in Hitachi Energy Asset Suite, Rockwell Automation Lifecycle Services with Cisco, Rockwell Automation Stratix, and an update to Mitsubishi Electric Multiple FA Products. Each advisory provides technical details, risk ratings, and recommended mitigations. Administrators and asset owners should review the advisories promptly and apply mitigations or vendor patches to reduce exposure. CISA emphasizes timely review and implementation to protect operational environments.

Hitachi Energy MSM: XSS and Assertion Vulnerabilities

⚠️ Hitachi Energy reports multiple vulnerabilities in the MSM product that are exploitable remotely with low attack complexity. An XSS flaw in the EmbedThis GoAhead goform/formTest endpoint (name parameter) can allow HTML injection, while an assertion in open62541's fuzz_binary_decode can cause a crash. CVE-2023-53155 (CVSS 7.2) and CVE-2024-53429 (CVSS 7.5) are assigned. Vendors and CISA recommend disconnecting affected devices from internet-facing networks and following product-specific guidance.

CISA Issues Two ICS Advisories for Raise3D and Hitachi Energy

🔔 CISA released two Industrial Control Systems advisories on October 2, 2025, covering Raise3D Pro2 Series 3D printers (ICSA-25-275-01) and the Hitachi Energy MSM product (ICSA-25-275-02). Each advisory provides technical details on reported vulnerabilities, potential impacts to device confidentiality, integrity, or availability, and recommended mitigations including configuration changes and firmware updates where available. CISA encourages operators and administrators to review the advisories promptly, implement vendor recommendations, and apply compensating controls to reduce operational risk.

CISA Issues Six New Industrial Control Systems Advisories

🔔 CISA released six Industrial Control Systems (ICS) advisories on September 23, 2025, providing timely information on security issues, vulnerabilities, and potential exploits across multiple product families. The advisories cover AutomationDirect CLICK PLUS, Mitsubishi Electric MELSEC‑Q Series CPU Module, Schneider Electric SESU, Viessmann Vitogate 300, and two updates for Hitachi Energy RTU500 Series. Users and administrators are urged to review each advisory for technical details and apply recommended mitigations promptly.

CISA Issues Nine New ICS Advisories on Sep 18, 2025

🛡️ CISA released nine Industrial Control Systems (ICS) advisories on September 18, 2025, detailing vulnerabilities, exploits, and mitigations affecting multiple vendors and products. The advisories cover Westermo WeOS, Schneider Electric Saitel RTUs, Hitachi Energy Asset and Service Suites, Cognex In‑Sight devices, Dover Fueling Solutions ProGauge MagLink LX4 devices, plus updates for rail linking protocols and Mitsubishi FA engineering tools. Administrators and operators are urged to review the technical details and apply recommended mitigations promptly to reduce operational and safety risk.

Hitachi Energy Asset Suite: Multiple High-Risk Flaws

⚠️ Hitachi Energy has disclosed multiple high-severity vulnerabilities in Asset Suite, affecting versions 9.6.4.5 and earlier. The issues include SSRF, deserialization of untrusted data, cleartext password exposure, uncontrolled resource consumption, open redirect, and improper authentication that can lead to remote code execution. Customers should apply vendor-provided mitigations and upgrades immediately to reduce exposure.

Hitachi Energy Service Suite Deserialization Vulnerability

⚠️ Hitachi Energy disclosed a critical deserialization-of-untrusted-data vulnerability affecting Service Suite (versions prior to 9.6.0.4 EP4) that permits unauthenticated remote access via IIOP or T3 to compromise Oracle WebLogic Server. The issue is tracked as CVE-2020-2883 with a CVSS v4 base score of 9.3 and is characterized as remotely exploitable with low attack complexity. Hitachi Energy advises updating affected instances to version 9.8.2 or the latest release and applying vendor mitigation guidance immediately. CISA additionally recommends minimizing network exposure, isolating control networks behind firewalls, using up-to-date VPNs for remote access, and performing risk and impact assessments prior to deploying defensive changes.

Hitachi Energy RTU500 Series: Multiple DoS Vulnerabilities

⚠️ Hitachi Energy reported multiple vulnerabilities in the RTU500 series including null pointer dereference, XML parser flaws, heap and stack buffer overflows, integer overflow, and IEC 61850 message validation errors. Several CVEs have been assigned (e.g., CVE-2023-2953, CVE-2024-45490–45492, CVE-2024-28757, CVE-2025-39203, CVE-2025-6021) and the highest CVSS v4 score is 8.2. Exploitation could cause Denial-of-Service conditions such as device reboots or disconnects. Hitachi Energy provides firmware updates for affected 12.7.x–13.7.x releases and CISA recommends patching, minimizing network exposure, applying segmentation, and using secure remote access.

CISA Releases Four ICS Advisories on September 2, 2025

🛡️ CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025, detailing vulnerabilities and recommended mitigations for Delta Electronics EIP Builder, Fuji Electric FRENIC-Loader 4, SunPower PVS6, and an update to Hitachi Energy Relion 670/650 and SAM600-IO Series. Each advisory includes technical analysis, affected versions, and practical guidance to reduce exploitation risk. Administrators and asset owners are urged to review the notices, prioritize affected systems, and apply vendor-recommended mitigations promptly.

CISA Publishes Nine ICS Advisories on August 28, 2025

🔔 On August 28, 2025, CISA released nine Industrial Control Systems (ICS) advisories that detail vulnerabilities, impacts, and recommended mitigations for multiple vendors and product families. The advisories cover Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, and Hitachi Energy, and include several updates to prior notices. Operators and administrators are encouraged to review each advisory for affected versions, vendor patches, and configuration mitigations, and to prioritize remediation and monitoring to reduce operational risk.