CVE-2023-43622 Hitachi Energy CVE debrief

Who should care

Organizations running Hitachi Energy Service Suite 9.8.1.3 or earlier, especially OT/ICS operators, platform administrators, and security teams responsible for patching and validating industrial software.

Technical summary

The advisory ties the weakness to Apache HTTP Server 2.4 vulnerabilities in Hitachi Energy Service Suite. The supplied CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a network-reachable issue that requires no privileges or user interaction and can cause high availability impact. The supplied source does not provide a more granular Apache CVE breakdown, so the safest public summary is limited to the advisory scope and affected version range.

Defensive priority

High. The issue is remotely reachable, requires no authentication, is rated 7.5/High, and has a clear vendor fix (upgrade to 9.8.1.4). Prioritize it for any deployed instance at or below 9.8.1.3.

Recommended defensive actions

• Inventory Hitachi Energy Service Suite deployments and confirm whether any instance is version 9.8.1.3 or below.
• Upgrade affected systems to version 9.8.1.4 as directed by the vendor advisory.
• Validate service availability and dependent OT workflows after patching, especially where Service Suite supports critical operations.
• Review CISA industrial control system recommended practices and maintain segmentation, least privilege, and defense-in-depth controls around the service.
• Monitor vendor and CISA advisories for any follow-up guidance or additional component-specific details.

Evidence notes

The supplied CISA CSAF advisory (ICSA-25-133-01) published on 2025-02-25 identifies Hitachi Energy Service Suite versions 9.8.1.3 and below as affected and recommends updating to 9.8.1.4. The metadata also records the issue as Apache HTTP Server 2.4 vulnerabilities and provides CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No KEV entry is present in the supplied corpus.

Official resources