Hitachi Energy’s ITT600 Explorer tool has two CVE‑rated vulnerabilities that allow remote denial‑of‑service attacks.
The flaws—CVE‑2024‑8176 (stack overflow) and CVE‑2025‑59375 (uncontrolled memory allocation)—both stem from the libexpat library used when the product runs IEC 61850 server simulations. Exploitation is network‑local and can crash the simulator or corrupt memory, scoring 7.5 / 10 on CVSS. Versions prior to 2.1 SP6 are affected; Hitachi Energy provides a hot‑fix (2.1 SP6 HF1) and plans a 2.2 release.
For operators of critical‑infrastructure test labs, the issue matters because the ITT600 Explorer is often the final step before deploying IEC 61850 configurations to live substations. A crash at that stage could delay commissioning or, worse, mask deeper faults if the tool is used in production monitoring. The advisory notes the product itself is not an IEC 61850 endpoint, but the vulnerability still widens the attack surface of any network that hosts the simulator.
CISA recommends three immediate steps: upgrade to the hot‑fix or the upcoming 2.2 version, isolate the simulator behind a firewall with no Internet exposure, and enforce strict access controls on the control‑system network. Until patches are applied, treat the tool as a high‑risk asset and monitor for abnormal traffic or crashes.
In short, the ITT600 Explorer’s DoS bugs are a reminder that even testing utilities can become footholds for attackers. Apply the vendor’s fixes, segment the device, and keep the simulation environment out of the public network.