Hitachi Energy ITT600 Explorer

Summary

Hitachi Energy is aware of vulnerabilities that affect the ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out a Denial of Service (DoS) attack on the product. The vulnerabilities only affect the Hitachi Energy Integrated Testing Tool ITT600 SA Explorer and do not affect IEC 61850 system endpoints. Please refer to the Recommended Immediate Actions for information about mitigation and remediation.

The following versions of Hitachi Energy ITT600 Explorer are affected:

  • ITT600 Explorer vers:ITT600_Explorer/<2.1_SP6, vers:ITT600_Explorer/<=2.1_SP6, 2.1_SP6 (CVE-2024-8176, CVE-2025-59375)

CVSS: v3 7.5
Vendor: Hitachi Energy
Equipment: Hitachi Energy ITT600 Explorer
Vulnerabilities: Uncontrolled Recursion, Allocation of Resources Without Limits or Throttling

Background

  • Critical Infrastructure Sectors: Energy
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2024-8176

A stack overflow vulnerability exists in the libexpat library used by the IEC61850 functionality supported by the product. A malicious user with local access could use a crafted IEC61850 message to exploit the vulnerability in the libexpat library. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. The product is only affected if IEC61850 server simulation is used.


Affected Products

Hitachi Energy ITT600 Explorer
Vendor: Hitachi Energy
Product Version: ITT600 Explorer before version 2.1 SP6
Product Status: fixed, known_affected

Remediations

Vendor fix: Update to version 2.1 SP6 HF1
Vendor fix: Upgrade to version 2.2 when available

Relevant CWE: CWE-674 Uncontrolled Recursion


Metrics

CVSS Version: 3.1
Base Score: 7.5
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-59375

A vulnerability exists in the libexpat library used by the product that allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. The product is only affected if IEC61850 server simulation is used.


Affected Products

Hitachi Energy ITT600 Explorer
Vendor: Hitachi Energy
Product Version: ITT600 Explorer version 2.1 SP6 and prior
Product Status: known_affected

Remediations

Vendor fix: Update to version 2.1 SP6 HF1
Vendor fix: Upgrade to version 2.2 when available

Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling


Metrics

This article has been indexed from All CISA Advisories

CVSS Version Base Score Base Severity Vector String