CVE-2025-2403

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in Hitachi Energy Relion 670/650 and SAM600-IO series devices allows attackers to disrupt network traffic prioritization, potentially causing critical functions like the Line Distance Communication Module (LDCM) to malfunction. This affects industrial control systems in power grid and substation environments where these protection relays are deployed.

💻 Affected Systems

Products:
  • Relion 670 series
  • Relion 650 series
  • SAM600-IO series
Versions: All versions prior to patched versions specified in vendor advisory
Operating Systems: Embedded/proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: Devices must be configured with LDCM or similar communication modules to be vulnerable. Industrial control systems in electrical substations are primarily affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete disruption of protective relay functions leading to power grid instability, equipment damage, or cascading failures in electrical substations.

🟠 Likely Case: Temporary loss of communication between protection devices causing localized disruption of monitoring and control functions.

🟢 If Mitigated: Limited impact with proper network segmentation and traffic monitoring, potentially causing only minor communication delays.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to the device and knowledge of industrial protocols. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to vendor advisory for specific firmware versions

Vendor Advisory: https://publisher.hitachienergy.com/preview?DocumentID=8DBD000216&LanguageCode=en&DocumentPartId=&Action=Launch

Restart Required: Yes

Instructions:

  1. Review vendor advisory for specific affected firmware versions.
  2. Download updated firmware from Hitachi Energy support portal.
  3. Follow vendor's firmware update procedures for Relion/SAM600 devices.
  4. Test in non-production environment first.
  5. Schedule maintenance window for deployment.
  6. Verify functionality post-update.

🔧 Temporary Workarounds

Network Segmentation

Isolate affected devices in dedicated network segments with strict firewall rules

Traffic Monitoring

Implement network monitoring for abnormal traffic patterns to affected devices

🧯 If You Can't Patch

  • Implement strict network access controls allowing only authorized traffic to affected devices
  • Deploy intrusion detection systems monitoring for DoS patterns against industrial protocols

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vulnerable versions listed in vendor advisory

Check Version:

Device-specific commands via vendor configuration tools (exact command varies by device model)

Verify Fix Applied:

Verify firmware version has been updated to patched version and test LDCM functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual network traffic patterns
  • LDCM communication failures
  • Device restart events

Network Indicators:

  • Abnormal packet flooding to port 102 (IEC 61850) or other industrial ports
  • Traffic prioritization anomalies

SIEM Query:

source="industrial_device" AND (event_type="communication_failure" OR traffic_volume > threshold)
