Skip to main content
Emerging Threats

Hitachi Energy’s XMC20: A New Era in Energy Solutions

Hitachi Energy’s XMC20: A New Era in Energy Solutions

1. EXECUTIVE SUMMARY

  • CVSS v4 6.9
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: XMC20
  • Vulnerability: Relative Path Traversal

2. RISK EVALUATION

The vulnerability identified in Hitachi Energy’s XMC20 equipment poses a significant risk. Successful exploitation could enable an attacker to access sensitive files or directories that are outside the authorized scope, potentially leading to unauthorized data exposure or manipulation. This risk is heightened by the remote exploitability and low complexity of the attack, making it accessible to a wide range of potential adversaries.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi Energy has confirmed that the following versions of the XMC20 are affected by the vulnerability:

  • XMC20: R15A and prior including all subversions
  • XMC20: R15B
  • XMC20: R16A
  • XMC20: R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) and older including all subversions

3.2 VULNERABILITY OVERVIEW

3.2.1 RELATIVE PATH TRAVERSAL CWE-23

The vulnerability, classified as a Relative Path Traversal (CWE-23), allows an attacker to traverse the file system of the XMC20 device. This could lead to unauthorized access to files that should be restricted. The vulnerability has been assigned the identifier CVE-2024-2461, with a CVSS v3 base score of 4.9 and a CVSS v4 base score of 6.9, indicating a moderate to high severity level.

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Energy, Government Services and Facilities, Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

The vulnerability was reported to Hitachi Energy by researchers Darius Pavelescu and Bernhard Rader from Limes Security, highlighting the importance of collaboration between industry and security researchers in identifying and mitigating vulnerabilities.

4. MITIGATIONS

To mitigate the risks associated with this vulnerability, Hitachi Energy has recommended the following actions:

  • XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) and older including all subversions: Update to XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) and apply general mitigation factors. Users are urged to implement this update as soon as possible.
  • XMC20 R15B: It is recommended to update to XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) and apply general mitigation factors.
  • XMC20 R15A and older including all subversions, XMC20 R16A: These are end-of-life (EOL) versions with no available remediation. Users should update to XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) and apply general mitigation factors.

The fixed version is:

  • XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07): This version addresses the identified vulnerability.

Hitachi Energy also emphasizes the importance of implementing robust security practices, including firewall configurations to protect process control networks from external threats. Recommendations include ensuring that process control systems are physically secured, not directly connected to the Internet, and isolated from other networks through firewalls with minimal exposed ports. Additionally, these systems should not be used for activities such as Internet browsing or email access, and any portable devices should be scanned for malware before connecting to control systems.

The Cybersecurity and Infrastructure Security Agency (CISA) advises organizations to conduct thorough impact analyses and risk assessments before deploying any defensive measures. CISA also provides resources for recommended practices in securing industrial control systems, which can be found on their website.

As of now, there have been no reported public exploitations specifically targeting this vulnerability.

5. UPDATE HISTORY

  • March 4, 2025: Initial Publication