Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Hitachi Energy — Vulnerabilities & Security Advisories 102

Browse all 102 CVE security advisories affecting Hitachi Energy. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hitachi Energy operates as a global technology leader specializing in electrification products, grid automation, and renewable energy solutions. Its portfolio includes critical infrastructure components such as power transformers, high-voltage direct current systems, and digital grid management software, making it a vital node in global energy distribution. Security assessments reveal a historical prevalence of common vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation flaws, particularly within its industrial control software and web-based management interfaces. These weaknesses often stem from legacy codebases and complex integration requirements inherent in operational technology environments. While no catastrophic public breaches have been widely documented, the sheer volume of recorded CVEs indicates persistent challenges in patching distributed assets. The company maintains rigorous internal security protocols, yet the attack surface remains expansive due to the interconnected nature of modern smart grids and the long lifecycle of installed hardware.

Top products by Hitachi Energy: FOXMAN-UN MicroSCADA X SYS600 RTU500 series CMU Firmware SDM600 RTU500 RTU500 series TXpert Hub CoreTec 4 version TropOS 4th Gen Asset Suite TRMTracker MicroSCADA SYS600 eSOMS FOX61x Relion REB500 Relion 670/650 and SAM600-IO Relion 670 Series MACH System Software NSD570 Teleprotection Equipment TRO600 MSM MACH SCM SuprOS Retail Operations MACH SCM Server Asset Suite EAM FOX61x TEGO1 Relion 670/650/SAM600-IO Series RTU500 Scripting Interface LinkOne Relion670
CVE IDTitleCVSSSeverityPublished
CVE-2023-5516 Hitachi Energy Electronic Shift Operations Management System 安全漏洞 — eSOMSCWE-200 5.3 Medium2023-11-01
CVE-2023-5515 Hitachi eSOMS 信息泄露漏洞 — eSOMSCWE-200 5.3 Medium2023-11-01
CVE-2023-5514 Hitachi eSOMS 安全漏洞 — eSOMSCWE-209 5.3 Medium2023-11-01
CVE-2023-2622 Hitachi Energy MACH System Software 安全漏洞 — MACH System SoftwareCWE-668 2.7 Low2023-11-01
CVE-2023-2621 Hitachi Energy MACH System Software 路径遍历漏洞 — MACH System SoftwareCWE-22 6.5 Medium2023-11-01
CVE-2023-4816 Hitachi Energy Asset Suite 授权问题漏洞 — Asset Suite 9CWE-287 6.9 Medium2023-09-11
CVE-2022-4608 Hitachi Energy RTU500 缓冲区错误漏洞 — RTU500 seriesCWE-787 7.5 High2023-07-26
CVE-2022-2502 Hitachi Energy RTU500 输入验证错误漏洞 — RTU500 seriesCWE-20 7.5 High2023-07-26
CVE-2023-2625 Hitachi Energy TXpert Hub CoreTec 4 操作系统命令注入漏洞 — TXpert Hub CoreTec 4CWE-78 9.0 Critical2023-06-28
CVE-2023-1711 Hitachi FOXMAN-UN 安全漏洞 — FOXMAN-UNCWE-117 4.0 Medium2023-05-30
CVE-2022-3685 SDM600 software privilege level — SDM600CWE-285 7.5 High2023-03-28
CVE-2022-3686 SDM600 API permission check — SDM600CWE-285 4.8 Medium2023-03-28
CVE-2022-3684 SDM600 endpoint vulnerability — SDM600CWE-404 7.5 High2023-03-28
CVE-2022-3683 SDM600 API web services authorization validation — SDM600CWE-285 7.7 High2023-03-28
CVE-2022-3682 SDM600 file permission validation — SDM600CWE-434 9.9 Critical2023-03-28
CVE-2022-3353 IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products — FOX61x TEGO1CWE-404 5.9 Medium2023-02-21
CVE-2022-2155 A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role. — Lumada APMCWE-863 5.7 Medium2023-01-12
CVE-2022-3929 Communication between the client and server partially using CORBA over TCP/IP — FOXMAN-UNCWE-319 8.3 High2023-01-05
CVE-2022-3928 Hardcoded credential is found in the message queue — FOXMAN-UNCWE-798 7.1 High2023-01-05
CVE-2022-3927 The affected products store public and private key that are used to sign and protect custom parameter set files from modification. — FOXMAN-UNCWE-798 8.0 High2023-01-05
CVE-2021-40342 Use of default key for encryption — FOXMAN-UNCWE-798 7.1 High2023-01-05
CVE-2021-40341 Weak DES encryption — FOXMAN-UNCWE-326 7.1 High2023-01-05
CVE-2022-2513 Cleartext Credentials Vulnerability on Hitachi Energy’s Multiple IED Connectivity Packages (IED ConnPacks) and PCM600 Products — PCM600CWE-312 7.1 High2022-11-22
CVE-2022-3388 Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products — MicroSCADA Pro SYS600CWE-20 8.8 High2022-11-21
CVE-2022-29492 A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ... — MicroSCADA X SYS600CWE-20 5.3 Medium2022-09-14
CVE-2022-1778 A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ... — MicroSCADA X SYS600CWE-119 7.5 High2022-09-14
CVE-2022-29922 A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ... — MicroSCADA X SYS600CWE-20 7.5 High2022-09-14
CVE-2022-2277 A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ... — MicroSCADA X SYS600CWE-1284 7.5 High2022-09-14
CVE-2022-29490 A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. — MicroSCADA X SYS600CWE-285 8.5 High2022-09-12
CVE-2021-40336 HTTP Response Splitting in Hitachi Energy’s MSM Product — MSMCWE-113 5.0 Medium2022-07-25

This page lists every published CVE security advisory associated with Hitachi Energy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.