CISA flags Hitachi Energy ITT600 libexpat DoS flaws
The operational lesson is narrow but familiar: testing tools inherit the same open-source library debt as production OT systems.
TL;DR
CISA republished Hitachi Energy’s advisory for two high-severity libexpat vulnerabilities, CVE-2024-8176 and CVE-2025-59375, in ITT600 Explorer. Energy organizations, contractors and ISVs running affected versions with IEC61850 server simulation enabled should update to 2.1 SP6 HF1 or 2.2 when available. The advisory says IEC 61850 system endpoints are not affected, which narrows the blast radius but not the maintenance work.
CISA’s advisory is a routine one with a useful boundary. The two flaws sit in libexpat as used by Hitachi Energy ITT600 Explorer’s IEC61850 server simulation function, not in IEC 61850 system endpoints themselves. Both carry CVSS 3.1 scores of 7.5 and can support denial-of-service conditions; CVE-2024-8176 also carries a memory-corruption warning depending on environment and library use. The fix path is to move to ITT600 Explorer 2.1 SP6 HF1 or upgrade to 2.2 when available.
For operators, contractors and ISVs using ITT600 Explorer in energy-sector testing workflows, the Monday task is inventory, not drama. Find instances with IEC61850 server simulation enabled, confirm whether 2.1 SP6 HF1 is available through the vendor channel, and plan the 2.2 upgrade if it is not. The advisory also fits a broader pattern visible in recent Hitachi Energy ICS notices: third-party components keep surfacing inside OT tooling, and the fact that the affected software is “only” a test tool does not make unplanned downtime less annoying.
Published ·Deep Fathom