Hitachi Energy MACH HiDraw Buffer Overflow Vulnerability (CVE-2026-7310)
Hitachi Energy has disclosed a heap-based buffer overflow vulnerability in MACH HiDraw versions 9.22 and earlier that could allow authenticated local users to trigger denial of service or arbitrary code execution through malicious XML files. The vulnerability affects industrial control systems used in energy infrastructure worldwide. A patched version 9.23 is available, and Hitachi recommends network segmentation and standard industrial control system security practices.
Why it matters in Western Canada: Western Canadian energy and critical infrastructure operators using Hitachi Energy MACH HiDraw for grid management or industrial control systems should assess their exposure and prioritize upgrades to version 9.23 to prevent potential compromise of power distribution and operational continuity.
Summary generated from the original advisory. Read the full source: cisa-advisories
- Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-05
- CVEs: CVE-2026-7310
- Tags: hitachi-energy, buffer-overflow, ics, critical-infrastructure, code-execution
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)