Hitachi Energy Issues Urgent Warning to Upgrade MicroSCADA X SYS600 System
Hitachi Energy is strongly advising all customers using its MicroSCADA X SYS600 product, a system designed for monitoring and controlling utility power systems, to promptly upgrade to the latest version in order to address several critical and high-severity vulnerabilities. These vulnerabilities were discovered and disclosed by Hitachi Energy, with the potential to cause significant confidentiality, integrity, and availability issues on affected systems.
The MicroSCADA X SYS600 system, acquired by Hitachi Energy through the purchase of ABB’s Power Grids business, is a widely deployed technology currently in use across more than 10,000 substations. It plays a vital role in managing and monitoring power distribution networks in various sectors such as power grids, process industries, data centers, seaports, hospitals, railways, and even at least 30 airports.
The risks associated with these vulnerabilities are substantial, as power companies rely on MicroSCADA for real-time monitoring and control of equipment in transmission and distribution substations. The system offers essential features like disturbance analysis, power quality monitoring, and manual as well as automatic control functionalities.
Hitachi Energy has identified five vulnerabilities affecting MicroSCADA X SYS600 versions 10.5 and below, with one additional vulnerability present in versions 10.2 to 10.5. Customers using these vulnerable versions are urged to update to version 10.6 immediately to mitigate the security risks posed by these flaws.
While there have been no reported exploits of these vulnerabilities in the wild at the time of the advisory publication, the potential for malicious actors to target systems like MicroSCADA for cyber attacks cannot be underestimated. Recent incidents, including Russian threat actors targeting power systems in Ukraine, have demonstrated the real-world impact of such attacks on critical infrastructure.
To address the vulnerabilities, Hitachi Energy has assigned CVE identifiers to the issues: CVE-2024-4872, CVE-2024-3980, CVE-2024-3982, CVE-2024-7940, and CVE-2024-7941. Four of these vulnerabilities have received severity ratings of 8.2 or higher on the CVSS scale, indicating the critical nature of the security flaws.
Two vulnerabilities, CVE-2024-4872 and CVE-2024-3980, are considered the most severe with a near-maximum CVSS score of 9.9. These vulnerabilities could enable SQL injection attacks and argument injection attacks, respectively, potentially leading to unauthorized access and manipulation of critical system files.
CVE-2024-3982, an authentication bypass vulnerability with a CVSS score of 8.2, allows for session hijacking but requires local access to the affected system and enabling of session logging. CVE-2024-7940 exposes a critical function to all network services without authentication, while CVE-2024-7941 poses a lower-severity risk by redirecting users to malicious sites.
By addressing these vulnerabilities promptly and upgrading to the latest version of MicroSCADA X SYS600, customers can significantly reduce the risk of potential security breaches and ensure the continued safe and reliable operation of their power systems. It is crucial for organizations to prioritize cybersecurity measures in critical infrastructure to safeguard against evolving threats and protect essential services from disruption.