CISA 2026-06-04

Hitachi Energy MACH HiDraw

CVE-2026-7310

Machine-generated analysis · WAYSCloud LLM

The vulnerability affects MACH HiDraw versions 9.22 and prior, with exploitation requiring authenticated local access and a specially crafted XML file.

Context

Hitachi Energy MACH HiDraw is a software product used in industrial environments. The advisory states that a heap-based buffer overflow exists in the XML parser functionality, which could lead to application crashes and potential arbitrary code execution. Exploitation requires authentication and local access, indicating limited remote attack surface. The vendor notes deployment in critical infrastructure sectors including energy, dams, and transportation systems.

Operator considerations

Check: Inventory MACH HiDraw systems for versions 9.22 and earlier
Patch: Upgrade to version 9.23 or contact the local account team for upgrade guidance
Log: Monitor for unusual XML file handling or application crashes in MACH HiDraw

From Cybersecurity and Infrastructure Security Agency ↗

Hitachi Energy is aware of a buffer overflow vulnerability that affects MACH HiDraw product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.

The following versions of Hitachi Energy MACH HiDraw are affected:

MACH HiDraw vers:MACH_HiDraw/

Read the full advisory on CISA →