Man-in-the-Middle Vulnerability in MicroSCADA X SYS600 by Hitachi Energy
CVE-2025-39205

8.3HIGH

Key Information:

Vendor: Hitachi
Status: Microscada X Sys600
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-39205?

A vulnerability has been identified in the IEC 61850 implementation of Hitachi Energy's MicroSCADA X SYS600 product. The flaw lies in the TLS protocol's certificate validation process, which is not properly enforced, potentially allowing attackers to execute remote Man-in-the-Middle attacks. This oversight can result in unauthorized interception and manipulation of data being transmitted across the network, posing significant security risks to systems relying on the affected product.

Affected Version(s)

MicroSCADA X SYS600 10.3 <= 10.6

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Apr 16, 2025