Hitachi Energy IEC 61850 MMS-Server (Update A)

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v3 5.9
• ATTENTION: Exploitable remotely
• Vendor: Hitachi Energy
• Equipment: IEC 61850 MMS-Server
• Vulnerability: Improper Resource Shutdown or Release

2. RISK EVALUATION

Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions Hitachi Energy equipment using the IEC 61850 communication stack are affected:

• Relion 670/650/SAM600-IO: Version 2.2.5 up to revision 2.2.5.5
• Relion 670/650: Version 2.2.4 up to revision 2.2.4.3
• Relion 670: Version 2.2.3 up to revision 2.2.3.6
• Relion 670: Version 2.2.2 up to revision 2.2.2.5
• Relion 670/650/SAM600-IO 2.2.1: All revisions
• Relion 670/650 version 2.2.0: All revisions
• Relion 670/650: Version 2.1 up to revision 2.1.0.5 (Limited)
• Relion 670: Version 2.0 up to revision 2.0.0.13 (Limited)
• Relion 670: Version 1.2 up to 1.2.3.22 (Limited)
• Relion 650 1.1: All revisions (Limited)
• Relion 650 1.3: All revisions (Limited)

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404

A vulnerability exists in the IEC 61850 communication stack of the Relion 670, 650 and SAM600-IO products versions listed below. An attacker could exploit the vulnerability by using a specially crafted message sequence to force the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected

CVE-2022-3353 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Energy
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Hitachi Energy reported this vulnerability to CISA.

4. MITIGATIONS

Hitachi Energy provided updates for the following products. Contact Hitachi Energy for update information.

• Relion 670/650/SAM600-IO: Update to version 2.2.5.6 or latest
• Relion 670/650: Update to version 2.2.4.4 or latest
• Relion 670: Update to version 2.2.3.7 or latest
• Relion 670: Update to version 2.2.2.6 or latest
• Relion 670/650/SAM600-IO 2.2.1: Follow general mitigation factors
• Relion 670/650 version 2.2.0: Follow general mitigation factors
• Relion 670/650: Update to version 2.1.0.6 or latest
• Relion 670: Update to version 2.0.0.14 or latest
• Relion 670: Update to version 1.2.3.23 or latest
• Relion 650 1.1: Follow general mitigation factors
• Relion 650 1.3: Follow general mitigation factors

For all versions, Hitachi Energy recommends that users apply these general mitigation factors:

• Upgrade the system once a remediated version is available.
• Apply Hitachi Energy recommended security practices and firewall configurations to help protect a process control network from attacks that originate from outside the network. Such practices include:
• Physically protecting process control systems from direct access by unauthorized personnel.
• Not allowing direct connections to the internet.
• Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
• Use a firewall system that has a minimal number of exposed ports to separate the process control network from other networks.
• Connection to other networks must be evaluated as necessary.
• Scan portable computers and removable storage media carefully for viruses before connection to a control system.
• MSM is not designed nor intended to be connected to the internet. Disconnect the device from any internet facing network.
• Adopt user access management and updated antivirus protection engines equipped with the latest signature rules for computers that have installed and are operating the MMS Client application.
• Use the default operating system (OS) user access management function to limit unauthorized access and/or rogue commands via the MMS Client application.

For more information, see Hitachi Energy's advisory 8DBD000127.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

• Do not click web links or open attachments in unsolicited email messages.
• Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
• Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

• March 30, 2023: Initial Republication of Hitachi Energy 8DBD000127
• June 5, 2025: Update A - Update to Affected Products and Mitigations

• Hitachi Energy