Hitachi Energy ITT600 Explorer
[View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-155-02.json)

## Summary

**Hitachi Energy is aware of vulnerabilities that affect the ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out a Denial of Service (DoS) attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600 SA Explorer, without affecting IEC 61850 system endpoints. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.**

The following versions of Hitachi Energy ITT600 Explorer are affected:

- ITT600 Explorer vers:ITT600_Explorer/<2.1_SP6, vers:ITT600_Explorer/<=2.1_SP6, 2.1_SP6 (CVE-2024-8176, CVE-2025-59375)

| CVSS | Vendor | Equipment | Vulnerabilities |
| --- | --- | --- | --- |
| v3 7.5 | Hitachi Energy | Hitachi Energy ITT600 Explorer | Uncontrolled Recursion, Allocation of Resources Without Limits or Throttling |

### Background

- **Critical Infrastructure Sectors:** Energy
- **Countries/Areas Deployed:** Worldwide
- **Company Headquarters Location:** Switzerland

## Vulnerabilities

### CVE-2024-8176

A stack overflow vulnerability exists in the libexpat library used by the IEC61850 functionality supported by the product. A malicious user with local access could use a crafted IEC61850 message to exploit the vulnerability in the libexpat library. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. The product is only affected if IEC61850 server simulation is used.

[View CVE Details](https://www.cve.org/CVERecord?id=CVE-2024-8176)

#### Affected Products

##### Hitachi Energy ITT600 Explorer

- **Vendor:** Hitachi Energy
- **Product Version:** ITT600 Explorer before version 2.1 SP6
- **Product Status:** fixed, known_affected

###### Remediations

- **Vendor fix:** Update to version 2.1 SP6 HF1
- **Vendor fix:** Upgrade to version 2.2 when available

**Relevant CWE:** [CWE-674 Uncontrolled](https://cwe.mitre.org/data/definitions/674.html)
Originally published by CISA
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-02
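
The advisory is also published as a CSAF document (the "View CSAF" link), which lets asset owners triage it mechanically. The Python below is an added example, not part of the CISA advisory or Hitachi Energy's material: it resolves CSAF product IDs to names and pairs each known-affected product with its vendor fixes. The embedded JSON is a constructed fragment; its field names follow CSAF 2.0, while the product IDs, the tree layout and the choice of 2.1 SP6 HF1 as the "fixed" product are assumptions.

```python
import json

# Constructed CSAF 2.0 fragment (not the real icsa-26-155-02.json). Field names follow
# the CSAF schema; product IDs, tree layout and status assignment are assumptions.
SAMPLE = json.loads("""
{
  "product_tree": {"branches": [{"category": "vendor", "name": "Hitachi Energy",
    "branches": [{"category": "product_name", "name": "ITT600 Explorer", "branches": [
      {"category": "product_version_range", "name": "vers:ITT600_Explorer/<2.1_SP6",
       "product": {"product_id": "CSAFPID-0001", "name": "ITT600 Explorer before version 2.1 SP6"}},
      {"category": "product_version", "name": "2.1_SP6_HF1",
       "product": {"product_id": "CSAFPID-0002", "name": "ITT600 Explorer 2.1 SP6 HF1"}}]}]}]},
  "vulnerabilities": [{"cve": "CVE-2024-8176",
    "product_status": {"known_affected": ["CSAFPID-0001"], "fixed": ["CSAFPID-0002"]},
    "remediations": [
      {"category": "vendor_fix", "details": "Update to version 2.1 SP6 HF1",
       "product_ids": ["CSAFPID-0001"]},
      {"category": "vendor_fix", "details": "Upgrade to version 2.2 when available",
       "product_ids": ["CSAFPID-0001"]}]}]
}
""")

def product_names(branches, names=None):
    """Walk product_tree branches recursively and map product_id -> product name."""
    names = {} if names is None else names
    for branch in branches:
        if "product" in branch:
            names[branch["product"]["product_id"]] = branch["product"]["name"]
        product_names(branch.get("branches", []), names)
    return names

def triage(csaf):
    """Return one row per (CVE, product): its status and the vendor fixes that apply."""
    names = product_names(csaf.get("product_tree", {}).get("branches", []))
    rows = []
    for vuln in csaf.get("vulnerabilities", []):
        for status, pids in vuln.get("product_status", {}).items():
            for pid in pids:
                fixes = [r["details"] for r in vuln.get("remediations", [])
                         if r.get("category") == "vendor_fix"
                         and pid in r.get("product_ids", [])]
                rows.append({"cve": vuln.get("cve"), "product": names.get(pid, pid),
                             "status": status, "vendor_fixes": fixes})
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```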