CISA 2026-06-04

Hitachi Energy ITT600 Explorer

Machine-generated analysis · WAYSCloud LLM

The affected ITT600 Explorer versions include those prior to 2.1 SP6 and specifically 2.1 SP6 itself, with a patch available in 2.1 SP6 HF1.

Context

The advisory pertains to Hitachi Energy's ITT600 Explorer, a tool used for integrated testing in power systems. It identifies two vulnerabilities in the libexpat library that can lead to denial of service via uncontrolled recursion and resource allocation. The vulnerabilities affect only the ITT600 SA Explorer when IEC61850 server simulation is enabled, not the actual IEC 61850 endpoints. Notably, the advisory specifies that exploitation requires local access and a crafted IEC61850 message.

Operator considerations

Check: Inventory ITT600 Explorer instances running versions before or including 2.1 SP6, especially where IEC61850 server simulation is active.
Patch: Update to version 2.1 SP6 HF1 or upgrade to version 2.2 when available.
Log: Monitor for unexpected crashes or resource exhaustion in ITT600 Explorer processes if patching is delayed.

From Cybersecurity and Infrastructure Security Agency ↗

Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service (DoS) attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600 SA Explorer without affecting IEC 61850 system endpoints. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.

The following versions of Hitachi Energy ITT600 Explorer are affected:

ITT600 Explorer vers:ITT600_Explorer/

Read the full advisory on CISA →