[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-hitachi-energy-hidraw-faces-heap-overflow-vulnerability":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":30,"persona_id":22,"persona_name":22,"section":22,"tags":31,"sources":35,"feedback":39,"feedback_at":22,"cost_usd":39,"total_tokens":39},1006,"hitachi-energy-hidraw-faces-heap-overflow-vulnerability","Hitachi Energy HiDraw faces heap overflow vulnerability","CISA warns that versions 9.22 and earlier of Hitachi Energy's MACH HiDraw are vulnerable to CVE‑2026‑7310, with a fix slated for 9.23.","# Hitachi Energy's HiDraw software has a new security flaw.\n\nCISA republished a Hitachi Energy advisory that identifies a heap‑based buffer overflow in the XML parser of MACH HiDraw versions up to 9.22 (CVE‑2026‑7310). An attacker with local access can craft a malicious XML file that corrupts memory, potentially crashing the application or executing arbitrary code. The vendor rates the issue a medium‑severity CVSS 5.5 and offers a patch in version 9.23.\n\nThe vulnerability matters because HiDraw is deployed in critical infrastructure sectors such as dams, energy grids, and transportation systems worldwide. A breach could disrupt control‑system availability or tamper with operational data, raising safety and reliability concerns. Operators are urged to apply the 9.23 update promptly and tighten network segmentation, as the advisory stresses that these control systems should not be exposed to the Internet.\n\nIn the broader ICS landscape, this follows a string of recent buffer‑overflow bugs in legacy control‑system software, highlighting the lingering risk of outdated components. While Hitachi’s patch is a standard response, the episode underscores the need for continuous hardening and timely upgrades, especially for software that underpins public utilities.\n\nBottom line: if you run MACH HiDraw version 9.22 or earlier, schedule the 9.23 upgrade, audit your firewall rules, and treat the system as air‑gapped wherever possible.","[\"ics\",\"vulnerability\",\"hitachi-energy\"]","2026-06-04T12:00:00.000Z","2026-06-16T03:48:28.860Z","2026-06-16T03:48:36.319Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add a clear concluding paragraph that summarizes the news and its impact.","resolved","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fhitachi-energy-hidraw-faces-heap-overflow-vulnerability.webp",[32,33,34],"ics","vulnerability","hitachi-energy",[36],{"name":37,"url":38},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-155-05",0]