← Back to home
ICSA-26-125-01  ·  Published 2026-05-05  ·  View on CISA ICS-CERT ↗

Hitachi Energy PCM600

CVSS 4.4 MEDIUM

Risk Summary

Hitachi Energy is aware of a vulnerability that affects the Hitachi Energy PCM600 product versions listed in this document. An attacker successfully exploiting this vulnerability can impact integrity of the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.

CVEs (1)

Remediations

  • Prior to acquisition, PCM600 product versions 2.11 and earlier were distributed under ABB’s organization. Some Hitachi Energy users may still be operating these legacy versions. While ABB continues to maintain the PCM600 2.x product line, Hitachi Energy now exclusively maintains and distributes the PCM600 3.x product line. ABB has recently published a cybersecurity advisory [2NGA002813] (https://library.e.abb.com/public/ec33308ad2c34f92bab09df09c66954d/2NGA002813_PCM600_Sharpziplib_Vulnerability.pdf) with their recommended actions for this same vulnerability. However, because Hitachi Energy does not maintain or validate the PCM600 2.x releases, they cannot assess or guarantee the compatibility of ABB’s recommended updates with other Hitachi Energy IEDs (Relion 670 series, 650 series, SAM600, PWC600). PCM600 versions 3.0, and later are the Hitachi Energy maintained and validated versions, Hitachi Energy strongly recommends users to migrate to these versions. Additionally, please follow Hitachi Energy's [Industrial Control Systems Best Practices,](https://publisher.hitachienergy.com/preview?DocumentID=8DBD000235&LanguageCode=en&DocumentPartId=&Action=Launch) until the planned remediation is released. Contact your support representative for more detailed guidance tailored to your deployment.
  • Ensure that Chapter 4 of Cyber Security Deployment Guideline - 1MRK505410 has been followed during the deployment. Ensure that no default credentials are in use. In case of exceptions, please ensure they have been mitigated with adequate countermeasures.
  • Update to PCM600 3.1 SP4 (Update Planned)

Affected Vendors

Hitachi Energy

Affected Products (9)

Hitachi Energy · PCM600 Legacy vers:PCM600_Legacy/<=2.11
Hitachi Energy · PCM600 3.0
Hitachi Energy · PCM600 3.0_HF1
Hitachi Energy · PCM600 3.0_HF2
Hitachi Energy · PCM600 3.0_HF3
Hitachi Energy · PCM600 3.1
Hitachi Energy · PCM600 3.1_SP1
Hitachi Energy · PCM600 3.1_SP2
Hitachi Energy · PCM600 3.1_SP3

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more