PatchSiren

CVE-2025-39202 Hitachi Energy CVE debrief

CVE-2025-39202 is a high-severity vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600 affecting the Monitor Pro and Supervision log components. According to CISA’s advisory, a local authenticated low-privilege user can see and overwrite files, which can lead to information leakage and data corruption. Hitachi Energy identifies version 10.7 as the fixed release for affected systems.

Vendor: Hitachi Energy
Product: MicroSCADA X SYS600
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-07-03
Original CVE updated: 2025-07-03
Advisory published: 2025-07-03
Advisory updated: 2025-07-03

Who should care

OT/ICS operators using Hitachi Energy MicroSCADA Pro/X SYS600, especially administrators and defenders responsible for systems running versions 10.0 through 10.5. Site teams should also care if low-privilege local accounts exist on impacted hosts or if file integrity matters for logs and supervision data.

Technical summary

The advisory describes a local attack that requires authentication and low privileges, with no user interaction. The weakness allows the attacker to read and overwrite files in the Monitor Pro and Supervision log area, affecting confidentiality and integrity. The CVSS 3.1 vector provided by CISA is AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H, which rates confidentiality impact Low and integrity and availability impact High, consistent with a local issue that can still have substantial operational impact. Affected versions are MicroSCADA Pro/X SYS600 >=10.0 and <10.6; version 10.7 is listed as fixed.

Defensive priority

High. If you run an affected MicroSCADA Pro/X SYS600 version, prioritize updating to 10.7 and reducing local access exposure until the upgrade is complete.

Recommended defensive actions

  • Upgrade Hitachi Energy MicroSCADA Pro/X SYS600 to version 10.7 as soon as practical.
  • Review and restrict local authenticated low-privilege access on affected hosts.
  • Check file permissions and integrity controls around Monitor Pro and Supervision log locations.
  • Monitor for unexpected file changes or integrity failures on impacted systems and in their logs.
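
An added example for the two integrity items above (not code from CISA or Hitachi Energy): because a log grows legitimately, it records each file's size and SHA-256, then re-hashes only the previously recorded byte range, so append-only growth is separated from overwrite or truncation. The directory and the file name `supervision.log` are placeholders, since the page does not give the real log locations.

```python
import hashlib
import os
import tempfile

def prefix_sha256(path, length):
    """SHA-256 over the first `length` bytes of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while length > 0 and (chunk := fh.read(min(65536, length))):
            digest.update(chunk)
            length -= len(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map each file under `root` (relative path) to (size, SHA-256 of content)."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            size = os.path.getsize(full)
            state[os.path.relpath(full, root)] = (size, prefix_sha256(full, size))
    return state

def compare(root, baseline):
    """Classify files against a baseline; only append-only growth is normal for a log."""
    findings = {}
    for rel, (old_size, old_hash) in baseline.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            findings[rel] = "missing"
        elif os.path.getsize(full) < old_size:
            findings[rel] = "truncated"
        elif prefix_sha256(full, old_size) != old_hash:
            findings[rel] = "overwritten"  # bytes recorded in the baseline changed
        elif os.path.getsize(full) > old_size:
            findings[rel] = "appended"  # expected for an active log
        else:
            findings[rel] = "unchanged"
    for rel in snapshot(root).keys() - baseline.keys():
        findings[rel] = "new"
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample data
        log = os.path.join(root, "supervision.log")  # hypothetical file name
        with open(log, "w") as fh:
            fh.write("event 1\nevent 2\n")
        base = snapshot(root)
        with open(log, "r+") as fh:
            fh.write("EVENT X")  # in-place change to already recorded bytes
        print(compare(root, base))
```

Store the baseline somewhere the low-privilege local accounts cannot write, otherwise the same access that alters a log can also alter its reference hashes.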

Evidence notes

The supplied CISA CSAF source item for ICSA-25-184-02 states that the issue affects Hitachi Energy MicroSCADA Pro/X SYS600 versions >=10.0 and <10.6 and that a local authenticated low-privilege user can see and overwrite files, causing information leak and data corruption. The same source lists MicroSCADA X SYS600 10.7 as the fixed version for CVE-2025-39202. The advisory was initially published on 2025-07-03, matching the CVE publication timestamp provided in the corpus.

Official resources

Publicly disclosed by CISA in ICS Advisory ICSA-25-184-02 on 2025-07-03.