Critical Vulnerabilities in Hitachi Energy ITT600 Explorer Trigger DoS Attacks

---
title: "Critical Vulnerabilities in Hitachi Energy ITT600 Explorer Trigger DoS Attacks"
short_title: "Hitachi Energy ITT600 Explorer DoS vulnerabilities"
description: "Hitachi Energy warns of high-severity flaws in ITT600 Explorer (CVE-2024-8176, CVE-2025-59375) enabling DoS attacks. Learn mitigation steps and affected versions."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [hitachi energy, dos, cve-2024-8176, cve-2025-59375, iec61850]
score: 0.78
cve_ids: [CVE-2024-8176, CVE-2025-59375]
---

## TL;DR
Hitachi Energy has disclosed two high-severity vulnerabilities (CVE-2024-8176 and CVE-2025-59375) in its ITT600 Explorer product, which could enable Denial of Service (DoS) attacks. These flaws affect versions prior to 2.1 SP6 HF1 and are exploitable via crafted IEC61850 messages. Immediate patching and network isolation are recommended to mitigate risks.


## Main Content

### Introduction
Hitachi Energy has identified critical vulnerabilities in its ITT600 Explorer tool, a widely used solution in the energy sector for testing and simulating IEC61850 systems. These vulnerabilities, if exploited, could allow attackers to launch DoS attacks, disrupting operations in critical infrastructure. The flaws stem from issues in the libexpat library and affect specific versions of the product. This advisory details the vulnerabilities, their impact, and recommended mitigation steps.


### Key Points
- Affected Product: Hitachi Energy ITT600 Explorer (versions before 2.1 SP6 HF1).
- Vulnerabilities: CVE-2024-8176 (Uncontrolled Recursion) and CVE-2025-59375 (Allocation of Resources Without Limits or Throttling).
- CVSS Score: 7.5 (High) for both vulnerabilities.
- Exploitation Vector: Crafted IEC61850 messages sent by a malicious user with local access.
- Impact: DoS attacks or potential memory corruption in affected systems.
- Mitigation: Update to version 2.1 SP6 HF1 or upgrade to version 2.2 when available.


### Technical Details

#### CVE-2024-8176: Uncontrolled Recursion
This vulnerability exists in the libexpat library, which is used by the IEC61850 functionality of the ITT600 Explorer. It is a stack overflow caused by uncontrolled recursion, and an attacker can trigger it by sending a maliciously crafted IEC61850 message. Successful exploitation could lead to:
- Denial of Service (DoS) conditions.
- Memory corruption, depending on the environment and library usage.

The product is only affected if IEC61850 server simulation is enabled.

#### CVE-2025-59375: Allocation of Resources Without Limits or Throttling
This flaw also resides in the libexpat library and permits attackers to trigger large dynamic memory allocations by submitting a small document for parsing. Like CVE-2024-8176, this vulnerability is exploitable only if IEC61850 server simulation is active.


### Impact Assessment
The vulnerabilities pose significant risks to organizations in the energy sector, where ITT600 Explorer is deployed for testing and simulation. Exploitation could lead to:
- Operational disruptions due to DoS attacks.
- Potential memory corruption, which may be leveraged for further attacks.
- Compromised testing environments, affecting the reliability of IEC61850 systems.

Given the global deployment of Hitachi Energy products, these vulnerabilities could have widespread implications for critical infrastructure.


### Mitigation Steps
Hitachi Energy has provided the following remediation measures:

1. Apply Patches:
   - Update to version 2.1 SP6 HF1 immediately.
   - Upgrade to version 2.2 when it becomes available.

2. Network Isolation:
   - Ensure ITT600 Explorer systems are not exposed to the internet.
   - Isolate control system networks from business networks using firewalls.

3. Access Controls:
   - Restrict local access to authorized personnel only.
   - Implement strong password policies and multi-factor authentication (MFA).

4. Monitoring:
   - Deploy intrusion detection systems (IDS) to monitor for suspicious activity.
   - Regularly audit IEC61850 message logs for anomalies.

5. Best Practices:
   - Follow CISA’s recommended cybersecurity practices for industrial control systems (ICS).
   - Refer to Hitachi Energy’s Cybersecurity Advisory for additional guidance.


### Affected Systems
The following versions of Hitachi Energy ITT600 Explorer are affected:
- Versions prior to 2.1 SP6 HF1.
- Version 2.1 SP6 (if IEC61850 server simulation is enabled).
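The affected-version rule above can be applied to an asset inventory to decide which installs to patch first. The following is an added example, not code from Hitachi Energy or the advisory: the version label format (`2.1 SP6 HF1`), the host names, the inventory layout and the function names are all assumptions made for illustration.

```python
import re
from collections import namedtuple
from typing import Optional

# Assumed label format: "<major>.<minor> [SP<n>] [HF<n>]", e.g. "2.1 SP6 HF1".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\s+SP(\d+))?(?:\s+HF(\d+))?\s*$", re.IGNORECASE
)

# sp / hf are 0 when the label carries no service pack or hotfix.
Version = namedtuple("Version", "major minor sp hf")

FIXED = Version(2, 1, 6, 1)  # 2.1 SP6 HF1, the fixed release named on this page

def parse_version(label: str) -> Optional[Version]:
    """Return a comparable Version, or None if the label does not match."""
    m = _VERSION_RE.match(label)
    if not m:
        return None
    return Version(*(int(g) if g else 0 for g in m.groups()))

def triage(label: str, server_simulation: Optional[bool]) -> str:
    """Classify one install: 'fixed', 'exposed', 'patch-pending' or 'review'."""
    version = parse_version(label)
    if version is None:
        return "review"          # never guess on an unreadable version
    if version >= FIXED:
        return "fixed"
    if server_simulation is False:
        return "patch-pending"   # vulnerable build, trigger condition absent
    return "exposed"             # simulation enabled, or its state is unknown

# Constructed inventory rows: (host, version label, server simulation enabled)
INVENTORY = [
    ("eng-ws-01", "2.1 SP6 HF1", True),
    ("eng-ws-02", "2.1 SP6", True),
    ("eng-ws-03", "2.1 SP5 HF3", False),
    ("eng-ws-04", "2.2", None),
    ("eng-ws-05", "2.1 SP6", None),
    ("eng-ws-06", "v2.1-sp6", True),
]

def report(rows=INVENTORY):
    return {host: triage(label, sim) for host, label, sim in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

An unknown simulation state is treated as enabled, so an install is only downgraded to `patch-pending` when the setting has been confirmed off.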


## Conclusion
The discovery of CVE-2024-8176 and CVE-2025-59375 underscores the importance of proactive cybersecurity measures in critical infrastructure. Organizations using Hitachi Energy ITT600 Explorer must patch affected systems immediately and implement network segmentation to mitigate risks. As cyber threats evolve, staying vigilant and adhering to best practices is essential to safeguarding industrial control systems.

For further details, refer to the CISA advisory and Hitachi Energy’s official documentation.


## References
[^1]: Hitachi Energy. "ICS Advisory (ICSA-26-155-02)". Retrieved 2025-01-24.
[^2]: CVE Details. "CVE-2024-8176". Retrieved 2025-01-24.
[^3]: CVE Details. "CVE-2025-59375". Retrieved 2025-01-24.
[^4]: CISA. "Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies". Retrieved 2025-01-24.
