Advisory · Published Jun 4, 2026 · 1 source

Hitachi Energy ITT600 Explorer Vulnerable to DoS Attacks

CISA alerts users to two high-severity vulnerabilities in Hitachi Energy's ITT600 Explorer product that could allow remote attackers to cause denial-of-service conditions.

Hitachi Energy's ITT600 Explorer product, a tool used for testing and simulating industrial control systems, is susceptible to two high-severity vulnerabilities that could enable remote denial-of-service (DoS) attacks. The vulnerabilities, identified as CVE-2024-8176 and CVE-2025-59375, affect versions of the ITT600 Explorer prior to 2.1 SP6. These flaws stem from the underlying libexpat library, which is used for parsing XML data, and are only exploitable when the IEC 61850 server simulation feature is active.

CVE-2024-8176 is described as an uncontrolled recursion vulnerability within the libexpat library. A malicious actor could craft a specific IEC 61850 message to trigger this flaw, potentially leading to a stack overflow. Depending on the system's configuration and how the library is utilized, this could result in a denial-of-service condition or, in some instances, exploitable memory corruption. The advisory emphasizes that this vulnerability is only present when the IEC 61850 server simulation functionality is in use.

Similarly, CVE-2025-59375 involves the allocation of resources without limits or throttling. Attackers can exploit this by submitting a small, specially crafted document for parsing that triggers excessive dynamic memory allocation. This resource exhaustion can lead to the application or system becoming unresponsive, effectively causing a denial-of-service. As with the first vulnerability, this issue is confined to instances where the IEC 61850 server simulation feature is enabled.

Both vulnerabilities carry a CVSS v3.1 base score of 7.5, classifying them as High severity. The attack vector is network-based (AV:N), requires no privileges (PR:N), and no user interaction (UI:N). The impact is limited to the availability of the affected system (A:H), with no confidentiality or integrity compromise expected.

Hitachi Energy has released a vendor fix, recommending users update to version 2.1 SP6 HF1. They also advise upgrading to version 2.2 when it becomes available. While the vulnerabilities do not directly affect IEC 61850 system endpoints, the ITT600 Explorer itself, used in critical infrastructure sectors such as energy, is at risk. The product is deployed globally, making the patching and mitigation of these flaws important for operational resilience.

CISA recommends that organizations minimize network exposure for all control system devices and ensure they are not accessible from the internet. Isolating control system networks behind firewalls and using secure remote access methods like VPNs are also advised. Organizations should perform thorough impact and risk assessments before implementing any defensive measures. General mitigation factors include physical protection of systems, network segmentation, and strict access control policies.

This advisory highlights the ongoing challenges in securing industrial control systems, where vulnerabilities in widely used libraries can have significant implications for operational technology. The reliance on specific features, like server simulation, for exploitability underscores the importance of understanding system configurations and potential attack surfaces within critical infrastructure environments.

Synthesized by Vypr AI