PatchSiren cyber security CVE debrief
CVE-2024-3980 Hitachi Energy CVE debrief
CVE-2024-3980 is a critical vulnerability in Hitachi Energy MACH GWS where authenticated user input can control or influence file paths or file names used in filesystem operations. If abused, that could allow access to or modification of system files or other application-critical files. CISA published the advisory on 2025-02-25 and identified affected MACH GWS versions 2.1.0.0 and 2.2.0.0 through 3.3.0.0.
- Vendor: Hitachi Energy
- Product: MACH GWS
- CVSS: CRITICAL 9.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-25
- Original CVE updated: 2025-02-25
- Advisory published: 2025-02-25
- Advisory updated: 2025-02-25
Who should care
Organizations operating Hitachi Energy MACH GWS, especially OT/ICS teams, administrators, and security staff responsible for version tracking, patching, and access control. Any environment running affected versions should treat this as a high-priority remediation item.
Technical summary
The advisory describes an authenticated input handling issue in MACH GWS filesystem operations: user-controlled values can influence path or filename selection. The result, if exploited, is unauthorized access to or modification of sensitive files. CISA’s CSAF lists affected products as MACH GWS version 2.1.0.0 and versions 2.2.0.0 to 2.4.0.0 and 3.0.0.0 to 3.3.0.0. The CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, scoring 9.9.
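The advisory does not publish the affected code, so the following is an added, generic illustration of the weakness class it names (user-influenced file paths in filesystem operations) and of the containment check that closes it. It is not MACH GWS code and not Hitachi Energy's fix; the root directory, function names and sample inputs are constructed for the example.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical application root used only for this demonstration.
# The real product's layout is not described in the advisory.
BASE_DIR = Path(tempfile.gettempdir()) / "gws_demo_root"
BASE_DIR.mkdir(exist_ok=True)


def unsafe_path(base_dir, filename):
    """Vulnerable pattern: the caller-supplied name is concatenated onto the
    base directory with no canonicalisation and no containment check, so
    '..' segments or an absolute name select files outside base_dir."""
    return os.path.join(str(base_dir), filename)


def safe_path(base_dir, filename):
    """Hardened form: canonicalise both sides (symlinks, '.', '..') and
    require the result to remain inside base_dir. Raises ValueError
    for anything that escapes, instead of silently opening it."""
    base = Path(base_dir).resolve()
    candidate = (base / filename).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"rejected: {filename!r} escapes {base}") from None
    return candidate


def classify(base_dir, filenames):
    """Run a batch of candidate names through safe_path and report which
    would be served and which rejected; handy as a regression test for
    the containment check before deployment."""
    results = {}
    for name in filenames:
        try:
            safe_path(base_dir, name)
            results[name] = "allowed"
        except ValueError:
            results[name] = "rejected"
    return results


# Constructed sample inputs for the demonstration, not taken from the advisory.
SAMPLE_INPUTS = [
    "reports/daily.csv",    # ordinary relative name inside the root
    "../../etc/passwd",     # parent-directory escape
    "/etc/shadow",          # absolute name replaces the root entirely
    "logs/./current.log",   # harmless '.' segment, still inside the root
]

if __name__ == "__main__":
    for name, verdict in classify(BASE_DIR, SAMPLE_INPUTS).items():
        print(f"{verdict:8s} {name!r:24s} unsafe join -> {unsafe_path(BASE_DIR, name)}")
```

The important detail is that the check runs on the resolved path, not on the raw string: rejecting the literal substring `..` would still pass an absolute name or a symlink that points outside the root, whereas `relative_to` on two canonical paths catches both.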
Defensive priority
Urgent. This is a network-reachable, authenticated vulnerability with high confidentiality, integrity, and availability impact in an industrial product. Prioritize patching and compensating controls before routine maintenance cycles.
Recommended defensive actions
- Upgrade MACH GWS version 3.0.0.0 through 3.3.0.0 to 3.4.0.0.
- For MACH GWS version 2.1.0.0, apply patches HF1 through HF6 sequentially as directed by the vendor.
- For MACH GWS versions 2.2.0.0 through 2.4.0.0, apply patches HF3 through HF6 sequentially as directed by the vendor.
- If upgrades or sequential patches are not immediately feasible, contact the local account team for vendor-provided mitigation guidance.
- Restrict access to authenticated accounts and review which users can reach MACH GWS management functions.
- Monitor for unexpected file access or modification activity in and around the MACH GWS installation path.
- Validate remediation against the vendor advisory and record the affected version in asset inventory for future patch tracking.
Evidence notes
All factual claims are drawn from the supplied CISA CSAF source item and its referenced Hitachi Energy advisory. The source lists the affected versions, states that authenticated user input can influence file paths or file names used in filesystem operations, and recommends version-specific fixes or sequential hotfixes. The advisory publication date used here is 2025-02-25, matching the supplied CVE and source metadata.
Official resources
- CVE-2024-3980 CVE record (CVE.org)
- CVE-2024-3980 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published ICSA-25-133-03 for CVE-2024-3980 on 2025-02-25, alongside the vendor advisory reference in the supplied source corpus.