Hitachi Energy PCM600

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-125-01.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Hitachi Energy is aware of a vulnerability that affects the Hitachi Energy PCM600 product versions listed in this document. An attacker successfully exploiting this vulnerability can impact integrity of the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. /strong /p p The following versions of Hitachi Energy PCM600 are affected: /p ul li PCM600 Legacy vers:PCM600_Legacy/ lt;=2.11 (CVE-2018-1002208) /li li PCM600 3.0, 3.0_HF1, 3.0_HF2, 3.0_HF3, 3.1, 3.1_SP1, 3.1_SP2, 3.1_SP3 (CVE-2018-1002208, CVE-2018-1002208, CVE-2018-1002208, CVE-2018-1002208, CVE-2018-1002208, CVE-2018-1002208, CVE-2018-1002208, CVE-2018-1002208) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 4.4 /td td Hitachi Energy /td td Hitachi Energy PCM600 /td td Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2018-1002208 /a /h3 div class="csaf-accordion-content" p SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. /p p a href="https://www.cve.org/CVERecord?id=CVE-2018-1002208" View CVE Details /a /p hr h4 Affected Products /h4 h5 Hitachi Energy PCM600 /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Hitachi Energy /div div class="ics-version" strong Product Version: /strong br PCM600 Legacy Version 2.11 and earlier, PCM600 3.0, PCM600 3.0 HF1, PCM600 3.0 HF2, PCM600 3.0 HF3, PCM600 3.1, PCM600 3.1 SP1, PCM600 3.1 SP2, PCM600 3.1 SP3 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong None available /strong br Prior to acquisition, PCM600 product versions 2.11 and earlier were distributed under ABB’s organization. Some Hitachi Energy users may still be operating these legacy versions. While ABB continues to maintain the PCM600 2.x product line, Hitachi Energy now exclusively maintains and distributes the PCM600