Critical Vulnerability in Hitachi Energy AFS, AFR, and AFF Series Exposes Systems

---
title: "Critical Vulnerability in Hitachi Energy AFS, AFR, and AFF Series Exposes Systems"
short_title: "Hitachi Energy products vulnerable to RADIUS forgery attacks"
description: "A critical vulnerability (CVE-2024-3596) in Hitachi Energy AFS, AFR, and AFF series threatens data integrity and availability. Learn mitigation steps and affected versions."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [hitachi energy, cve-2024-3596, radius vulnerability, critical infrastructure, ot security]
score: 0.85
cve_ids: [CVE-2024-3596]
---

TL;DR


A high-severity vulnerability (CVE-2024-3596) in Hitachi Energy’s AFS, AFR, and AFF series products allows attackers to forge RADIUS protocol responses, compromising data integrity and system availability. Immediate mitigation steps, including enabling the RADIUS server message authenticator, are recommended to reduce risks to critical energy infrastructure.

---

Main Content

Critical Vulnerability Discovered in Hitachi Energy Products


Hitachi Energy has disclosed a critical vulnerability affecting its AFS, AFR, and AFF series products, which are widely used in global energy infrastructure. The flaw, tracked as CVE-2024-3596, enables attackers to exploit weaknesses in the RADIUS protocol, potentially disrupting operations and compromising sensitive data. With a CVSS score of 9.0, this vulnerability poses a significant risk to organizations relying on these systems.

---

Key Points


- Vulnerability Impact: Successful exploitation could compromise data integrity and disrupt system availability, affecting critical energy infrastructure.
- Affected Products: Multiple versions of Hitachi Energy’s AFS, AFR, and AFF series, including AFS 660, AFS 670, AFR 677, and AFF 660.
- Attack Vector: The vulnerability stems from improper enforcement of message integrity in the RADIUS protocol, allowing forgery attacks via chosen-prefix collision.
- Mitigation Steps: Hitachi Energy recommends enabling the RADIUS server message authenticator and applying vendor-provided fixes immediately.
- Global Deployment: These products are deployed worldwide, primarily in the energy sector, amplifying the potential impact of this vulnerability.

---

Technical Details


#### Vulnerability Overview
The vulnerability (CVE-2024-3596) is a flaw in the RADIUS protocol (RFC 2865), which lacks robust message integrity enforcement. A local attacker can modify valid RADIUS responses (such as Access-Accept, Access-Reject, or Access-Challenge) by leveraging a chosen-prefix collision attack against the MD5-based Response Authenticator signature. This manipulation can lead to unauthorized access, data tampering, or service disruption.

#### Affected Systems
The following Hitachi Energy products and versions are affected:
- AFS Series: 660-B/C/S, 665-B/S, 670 v2.0, 650, 655, 670, 675, 677
- AFR Series: 677
- AFF Series: 660, 665

All versions of these products are known to be affected and require immediate attention.

#### CVSS Metrics
- CVSS Version: 3.1
- Base Score: 9.0 (Critical)
- Vector String: [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
- Attack Complexity: High (requires specific conditions for exploitation)

---

Impact Assessment


#### Sector-Specific Risks
The vulnerability primarily threatens the energy sector, a critical infrastructure industry. Compromised systems could lead to:
- Operational disruptions in power generation, transmission, or distribution.
- Data manipulation, resulting in incorrect system readings or unauthorized control actions.
- Regulatory compliance violations, as energy providers are often subject to strict cybersecurity standards.

#### Global Reach
Hitachi Energy is headquartered in Switzerland, and its products are deployed worldwide. Organizations across Europe, North America, and Asia may be at risk, emphasizing the need for a coordinated response.

---

Mitigation Steps


Hitachi Energy has provided the following immediate actions to mitigate the vulnerability:

#### For All Affected Products:
1. Enable RADIUS Server Message Authenticator:
   - Set the RADIUS configuration to default to enable the message authenticator option.
2. Apply Vendor Fixes:
   - AFR 677, AFS 650, AFS 655, AFS 670, AFS 675, AFS 677:
     - CLI Command: `radius server msgauth`
     - MIB: `hmAgentRadiusServerMsgAuth`
   - AFF 660, AFF 665, AFS 660-B/C/S, AFS 665-B/S, AFS 670 v2.0:
     - CLI Command: `radius server auth modify msgauth`
     - MIB: `hm2AgentRadiusServerMsgAuth`
3. Refer to Official Advisory:
   - For detailed guidance, consult Hitachi Energy’s PSIRT security advisory 8DBD000230: [RADIUS Vulnerability in Hitachi Energy AFS, AFR, and AFF Series](https://www.hitachienergy.com).
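
What the message authenticator option adds on top of the RFC 2865 Response Authenticator described under Vulnerability Overview, shown as an added Python example (not Hitachi Energy's code and not from the advisory): a client-side check that accepts a response only when it carries a valid Message-Authenticator attribute (type 80, HMAC-MD5 keyed with the shared secret). The function names, shared secret and sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def build_response(code, ident, request_auth, attrs, secret, msg_auth=True):
    """Build a RADIUS response from a list of (type, value-bytes) attributes."""
    body = (bytes([MSG_AUTH, 18]) + bytes(16)) if msg_auth else b""
    body += b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if msg_auth:
        # HMAC-MD5 over the packet with the attribute value zeroed and the
        # Request Authenticator in the authenticator field.
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:2] + mac + body[18:]
    # RFC 2865 Response Authenticator: plain MD5 with the secret appended.
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def verify_response(packet, request_auth, secret):
    """Client-side check with the message authenticator option enforced."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return "malformed"
    header, body = packet[:4], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return "bad-response-authenticator"
    pos, mac_at = 0, None
    while pos < len(body):  # walk the type-length-value attributes
        if pos + 2 > len(body) or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            return "malformed"
        if body[pos] == MSG_AUTH and body[pos + 1] == 18:
            mac_at = pos + 2
        pos += body[pos + 1]
    if mac_at is None:
        return "missing-message-authenticator"  # rejected when msgauth is enforced
    zeroed = body[:mac_at] + bytes(16) + body[mac_at + 16:]
    mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(mac, body[mac_at:mac_at + 16]):
        return "bad-message-authenticator"
    return "ok"

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
REPLY = [(18, b"welcome")]  # Reply-Message attribute
if __name__ == "__main__":
    print(verify_response(build_response(2, 7, REQ_AUTH, REPLY, SECRET), REQ_AUTH, SECRET))
    print(verify_response(build_response(2, 7, REQ_AUTH, REPLY, SECRET, False), REQ_AUTH, SECRET))
```

A response that passes only the MD5 Response Authenticator check comes back as `missing-message-authenticator`, which is the case the `msgauth` setting is meant to reject.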

#### Additional Recommendations from CISA
The Cybersecurity and Infrastructure Security Agency (CISA) recommends the following best practices to minimize risks:
- Network Segmentation: Isolate control system networks from business networks using firewalls.
- Remote Access Security: Use secure methods like VPNs for remote access, ensuring they are updated to the latest version.
- Defensive Measures: Implement defense-in-depth strategies and regularly monitor for suspicious activity.
- User Awareness: Train employees to recognize social engineering attacks, such as phishing emails.

---

Conclusion


The discovery of CVE-2024-3596 in Hitachi Energy’s AFS, AFR, and AFF series highlights the ongoing risks to critical infrastructure systems. Organizations must act swiftly to apply mitigations, including enabling the RADIUS message authenticator and isolating affected systems. As no public exploitation has been reported yet, proactive measures can prevent potential attacks and safeguard energy operations worldwide.

For further updates, monitor CISA’s advisories and Hitachi Energy’s official communications.

---

References


[^1]: CISA. "[ICS Advisory (ICSA-25-350-03) - Hitachi Energy AFS, AFR, and AFF Series](https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-03)". Retrieved 2025-01-24.
[^2]: Hitachi Energy. "[PSIRT Advisory 8DBD000230 - RADIUS Vulnerability in AFS, AFR, and AFF Series](https://www.hitachienergy.com)". Retrieved 2025-01-24.
[^3]: NIST. "[CVE-2024-3596 Detail](https://nvd.nist.gov/vuln/detail/CVE-2024-3596)". Retrieved 2025-01-24.
