CVE-2023-45802 Hitachi Energy CVE debrief

Who should care

Administrators and operators of Hitachi Energy Service Suite, OT/ICS security teams, and patch managers responsible for systems running version 9.8.1.3 or earlier.

Technical summary

The CISA CSAF record for ICSA-25-133-01 lists Hitachi Energy Service Suite versions 9.8.1.3 and below as affected by unspecified Apache HTTP Server 2.4 vulnerabilities. The provided CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates remote, unauthenticated exposure with high availability impact and no confidentiality or integrity impact. The advisory does not supply the underlying Apache issue identifiers in the provided corpus; remediation is to upgrade to 9.8.1.4.

Defensive priority

Medium. Patch planning should be prioritized for any affected deployment, especially where the Service Suite is operationally important or broadly reachable on the network.

Recommended defensive actions

• Upgrade Hitachi Energy Service Suite to version 9.8.1.4 or later as directed by the vendor advisory.
• Inventory deployments to confirm whether any instance is running version 9.8.1.3 or below.
• Treat the issue as a potential availability risk and schedule remediation according to operational criticality.
• Monitor vendor and CISA advisories for any clarification on the underlying Apache HTTP Server 2.4 vulnerabilities.
• Use standard ICS defensive practices such as segmentation, least privilege, and monitored change windows when applying the update.

Evidence notes

The supplied CISA CSAF advisory (ICSA-25-133-01) names Hitachi Energy Service Suite as the product, identifies affected versions as 9.8.1.3 and below, describes the issue as Apache HTTP Server 2.4 vulnerabilities, and recommends updating to 9.8.1.4. The associated CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. No KEV data is present in the supplied enrichment.

Official resources