Hitachi Energy has issued a cybersecurity advisory addressing multiple vulnerabilities, two of them critical, in its MicroSCADA X SYS600 product, which is widely used for monitoring and controlling power systems. The vulnerabilities, identified as CVE-2024-4872, CVE-2024-3980, CVE-2024-3982, CVE-2024-7940, and CVE-2024-7941, pose significant risks, including potential loss of confidentiality, integrity, and availability of the system.
The vulnerabilities identified in the advisory include:
- CVE-2024-4872 (CVSS 9.9 CRITICAL): This SQL Injection vulnerability stems from improper validation of queries towards persistent data. Exploiting this flaw could allow an attacker to execute arbitrary commands on the system, posing a severe threat to the overall security of the MicroSCADA X SYS600 product.
- CVE-2024-3980 (CVSS 9.9 CRITICAL): This vulnerability arises from improper neutralization of argument delimiters in a command. It allows attackers to manipulate filesystem operations, potentially accessing or modifying critical system files.
- CVE-2024-3982 (CVSS 8.2 HIGH): An authentication bypass vulnerability that could be exploited by attackers with local access to the system. By capturing and replaying session data, an attacker could hijack an active session, bypassing the system’s authentication mechanisms.
- CVE-2024-7940 (CVSS 8.3 HIGH): A missing authentication vulnerability in a service exposed on all network interfaces. Because the service does not require authentication, it could be exploited remotely, compromising the system.
- CVE-2024-7941 (CVSS 4.3 MEDIUM): This open redirect vulnerability could be used in phishing attacks, where attackers could redirect users to malicious sites and steal sensitive credentials.
The vulnerabilities affect MicroSCADA X SYS600 versions 10.5 and below. Hitachi Energy recommends that all users update to version 10.6 to mitigate these risks. The update addresses all the identified vulnerabilities and enhances the security of the system.
In addition to applying the update, Hitachi Energy advises users to implement robust security practices, such as:
- Physically protecting process control systems from unauthorized access.
- Ensuring there are no direct connections to the internet.
- Using firewalls to isolate control systems from other networks.
- Scanning portable devices and removable storage for malware before connecting them to the control system.
- Following strict password policies and access control measures.