1. EXECUTIVE SUMMARY
- CVSS v3 Score: 6.7
- Vendor: Hitachi Energy
- Equipment: MACH PS700
- Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
The identified vulnerability in the Hitachi Energy MACH PS700 could allow an attacker to escalate privileges, potentially leading to unauthorized control over the software. This risk is particularly concerning given the critical role of the MACH PS700 in energy infrastructure, where security breaches can have widespread implications.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
According to Hitachi Energy, the following product is affected:
- MACH PS700: Version v2
3.2 VULNERABILITY OVERVIEW
3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427
This vulnerability, classified as CWE-427, exists in certain versions of Intel(R) Chipset Device Software prior to Version 10.1.19444.8378. It allows an authenticated user to escalate privileges through local access, which could lead to unauthorized actions within the system. The vulnerability has been assigned the identifier CVE-2023-28388, with a CVSS v3 base score of 6.7, indicating a moderate level of risk.
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Energy
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER
The vulnerability was reported to the Cybersecurity and Infrastructure Security Agency (CISA) by Hitachi Energy’s Product Security Incident Response Team (PSIRT).
4. MITIGATIONS
To mitigate the risks associated with this vulnerability, Hitachi Energy recommends the following actions:
- MACH PS700 v2 System: Users should install patch scripts to safely remove the vulnerable software. For tailored remediation strategies, users are encouraged to contact their local account team.
Additionally, CISA advises implementing defensive measures to minimize the risk of exploitation, including:
- Minimize network exposure: Ensure that all control system devices are not accessible from the Internet.
- Network segmentation: Place control system networks and remote devices behind firewalls, isolating them from business networks.
- Secure remote access: When remote access is necessary, utilize secure methods such as Virtual Private Networks (VPNs), while ensuring these are updated and secure.
CISA emphasizes the importance of conducting a thorough impact analysis and risk assessment before deploying any defensive measures. Organizations are also encouraged to follow established procedures for reporting suspected malicious activity to CISA.
As of now, there have been no reported public exploitations targeting this vulnerability, and it is not exploitable remotely. However, the complexity of the attack is considered high, necessitating careful attention from organizations utilizing the affected systems.
5. UPDATE HISTORY
- March 04, 2025: Initial Publication




