Hitachi Energy has disclosed two vulnerabilities in ITT600 Explorer affecting versions prior to and including 2.1 SP6. Both vulnerabilities reside in the libexpat library and can be exploited to cause denial of service through stack overflow or excessive memory allocation when IEC61850 server simulation is enabled. Mitigation involves updating to version 2.1 SP6 HF1 or awaiting version 2.2.

Why it matters in Western Canada: Energy sector organizations in Western Canada using Hitachi Energy testing tools for grid simulation and IEC61850 protocol validation should prioritize patching to prevent operational disruptions in critical infrastructure testing environments.

CVEs: CVE-2024-8176, CVE-2025-59375

---

Summary generated from the original advisory. Read the full source: cisa-advisories