ICSA-25-184-02 · Published 2025-07-03 · View on CISA ICS-CERT ↗

Hitachi Energy MicroSCADA X SYS600

CVSS 7.3 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content.

CVEs (5)

CVE-2025-39201 CVE-2025-39202 CVE-2025-39203 CVE-2025-39204 CVE-2025-39205

Remediations

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
(CVE-2025-39201, CVE-2025-39202, CVE-2025-39204) Hitachi Energy MicroSCADA X SYS600 versions from 10.0 to 10.6: Update to version 10.7
The following product versions have been fixed:
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39201
For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000218 Cybersecurity Advisory - Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 product.
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39202
(CVE-2025-39203) Hitachi Energy MicroSCADA X SYS600 versions from 10.5 to 10.6: Update to version 10.7
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39203
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39204
(CVE-2025-39205) Hitachi Energy MicroSCADA X SYS600 versions from 10.3 to 10.6: Update to version 10.7
MicroSCADA X SYS600 10.7 is a fixed version for CVE-2025-39205

Affected Vendors

Hitachi Energy

Affected Products (3)

Hitachi Energy · Hitachi Energy MicroSCADA Pro/X SYS600 >=10.0|<10.6

Hitachi Energy · Hitachi Energy MicroSCADA Pro/X SYS600 >=10.5|<10.6

Hitachi Energy · Hitachi Energy MicroSCADA Pro/X SYS600 >=10.3|<10.6

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more