PatchSiren cyber security CVE debrief

CVE-2025-2403 Hitachi Energy CVE debrief

CVE-2025-2403 is a high-severity availability issue in Hitachi Energy Relion 670/650 and SAM600-IO series devices. CISA describes it as an improper prioritization of network traffic over a protection mechanism that could let a denial-of-service condition interfere with critical functions such as the Line Distance Communication Module (LDCM). The advisory was published on 2025-06-24 and later updated on 2025-08-26 to revise fixed-version guidance.

Vendor: Hitachi Energy
Product: Relion 670
CVSS: 7.5 (High)
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-24
Original CVE updated: 2025-08-26
Advisory published: 2025-06-24
Advisory updated: 2025-08-26

Who should care

OT and industrial control system owners, substation and protection-relay operators, utility security teams, and integrators responsible for Hitachi Energy Relion 670/650 or SAM600-IO deployments, especially where these devices support protection or communication functions.

Technical summary

The advisory identifies a network-exploitable DoS flaw with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The stated weakness is improper prioritization of network traffic over a protection mechanism in Relion 670/650 and SAM600-IO series devices. If exploited, the issue can cause critical functions, including LDCM, to malfunction. CISA lists remediation by affected branch, including fixed releases such as 2.2.6.4, 2.2.5.8, and 2.2.4.5, plus general mitigation factors for all affected products.

Defensive priority

High

Recommended defensive actions

  • Inventory all Hitachi Energy Relion 670, Relion 650, and SAM600-IO assets and confirm exact firmware/software versions.
  • Upgrade affected systems to the vendor-fixed release for the installed branch, following the advisory guidance (for example 2.2.6.4, 2.2.5.8, or 2.2.4.5 where applicable).
  • Apply the vendor and CISA mitigation guidance for all affected products, especially if you cannot patch immediately.
  • Prioritize devices that support protection or communication functions such as LDCM for accelerated maintenance windows.
  • Review network exposure and restrict access to OT device management and traffic paths to the minimum necessary.

Evidence notes

Primary evidence comes from CISA CSAF advisory ICSA-25-182-06 (Hitachi Energy Relion 670/650 and SAM600-IO Series, Update A). The advisory states the issue is a denial of service caused by improper prioritization of network traffic over a protection mechanism and notes possible malfunction of critical functions like LDCM. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The enrichment data indicates this is not currently marked as a CISA KEV item.

Official resources

Publicly disclosed by CISA in CSAF advisory ICSA-25-182-06 on 2025-06-24. The advisory was modified on 2025-08-26 to update fixed-version guidance to 2.2.6.4.