What are the vulnerabilities reported in Hitachi Energy’s MicroSCADA X SYS600?

Hitachi Energy has reported several high to critical severity vulnerabilities in its MicroSCADA X SYS600 product, including CVE-2024-4872 (SQL injection), CVE-2024-3980 (argument injection), CVE-2024-3982 (authentication bypass), CVE-2024-7940 (missing authentication), and CVE-2024-7941 (URL redirection). These vulnerabilities could allow unauthorized access, modification of critical system files, and session hijacking.

What is the impact of CVE-2024-4872 in MicroSCADA X SYS600?

CVE-2024-4872 (CVSS score 9.9) is a critical SQL injection vulnerability caused by improper validation of user queries, allowing attackers to execute unauthorized commands, which could compromise system security and data integrity.

How does CVE-2024-3980 affect MicroSCADA X SYS600?

CVE-2024-3980 (CVSS score 9.9) is an argument injection flaw that could let attackers access or modify critical system files, compromising the integrity of the system. This could disrupt operations or lead to unauthorized access to sensitive data.

What should users of MicroSCADA X SYS600 do to protect against these vulnerabilities?

Users are strongly urged to update to MicroSCADA X SYS600 version 10.6, which addresses the reported vulnerabilities. Updating immediately is critical to mitigate the risks posed by these flaws.

What are the potential risks associated with these vulnerabilities in utility power systems?

These vulnerabilities pose significant risks, including unauthorized access, data manipulation, and potential disruption of power supply. Such disruptions could mirror past incidents where cyberattacks targeted power systems, such as those involving Russia’s Sandworm group against Ukrainian power infrastructure.

Which versions of MicroSCADA X SYS600 are affected by these vulnerabilities?

All versions of MicroSCADA X SYS600 prior to version 10.6 are affected by these vulnerabilities. Users should upgrade to version 10.6 to ensure their systems are secure.

Advisory

Hitachi reports critical flaws in its MicroSCADA X SYS600, urges patching

published: Aug. 28, 2024

Take action: Usual practices for ICS systems - isolate into separate network always apply. But do review the vulnerabilities and plan to patch - especially since even the vendor urges patching.

Learn More

Hitachi Energy has reported multiple high to critical severity vulnerabilities in its MicroSCADA X SYS600 product, which is widely used for monitoring and controlling utility power systems.

Reported vulnerabilities:

CVE-2024-4872 (CVSS score 9.9): This critical vulnerability involves SQL injection due to improper validation of user queries, allowing attackers to execute unauthorized commands.
CVE-2024-3980 (CVSS score 9.9): An argument injection flaw that could let attackers access or modify critical system files, compromising system integrity.
CVE-2024-3982 (CVSS score 8.2): An authentication bypass vulnerability enabling session hijacking. Exploitation requires local access and administrative rights to enable session logging, which is disabled by default.
CVE-2024-7940 (CVSS score 8.3): Missing authentication for a critical function, exposing services meant for local access to all network services without any security barriers.
CVE-2024-7941 (CVSS score 4.3): A less severe vulnerability that can redirect users to malicious websites, potentially leading to phishing attacks.

These vulnerabilities pose a significant risk to power companies that rely on MicroSCADA for real-time monitoring and control of substations. Attackers could disrupt power supply, similar to past incidents like those involving Russia’s Sandworm group targeting Ukrainian power systems.

Hitachi Energy has released version 10.6 of MicroSCADA X SYS600, which addresses these vulnerabilities. The company urges all users to update immediately to mitigate potential risks.

Hitachi reports critical flaws in its MicroSCADA X SYS600, urges patching