CISA Publishes Six New Advisories for Vulnerabilities in Hitachi Energy and Mitsubishi Electric Industrial Control Systems

Executive Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued six new security advisories concerning vulnerabilities in Industrial Control Systems (ICS) from two major vendors: Hitachi Energy and Mitsubishi Electric. The advisories, released on January 8, 2026, address flaws in products used extensively across critical infrastructure, including the Energy sector. Asset owners and operators are strongly encouraged to review the advisories and apply mitigations to protect their operational technology (OT) environments from potential cyberattacks.

Vulnerability Details

CISA released a total of six advisories, breaking down as follows:

• Hitachi Energy (1 Advisory):

  • ICSA-26-008-01: This advisory details vulnerabilities in the Hitachi Energy Asset Suite, a product line used for asset management within the Energy sector.

• Mitsubishi Electric (5 Advisories):

  • The remaining five advisories cover a range of products from Mitsubishi Electric, including multiple updates for its ICONICS Digital Solutions platform and other industrial automation products.

While the specific CVEs and severity scores for each vulnerability are detailed within the individual advisories on CISA's website, the collective release highlights an ongoing focus by security researchers and government agencies on securing OT environments. Vulnerabilities in these systems can have physical consequences, leading to operational shutdowns, equipment damage, or safety incidents.

Affected Systems

• Hitachi Energy Asset Suite
• Mitsubishi Electric ICONICS Digital Solutions
• Other various Mitsubishi Electric products as detailed in the specific advisories.

These products are deployed globally across numerous critical infrastructure sectors, including but not limited to:

• Energy
• Manufacturing
• Water and Wastewater Systems
• Building Automation

Impact Assessment

Exploitation of vulnerabilities in ICS/SCADA systems can have severe and far-reaching consequences. Depending on the specific flaw, a successful attack could allow an adversary to:

• Disrupt Operations: Cause a denial of service, shutting down industrial processes and leading to significant financial loss.
• Manipulate Processes: Alter control logic to damage equipment, create unsafe conditions, or degrade product quality.
• Gain Unauthorized Access: Achieve a foothold in the OT network, enabling long-term espionage or staging for a future disruptive attack.
• Loss of View/Control: Prevent operators from monitoring or controlling the industrial process, creating a dangerous and unpredictable environment.

Detection & Response

• OT Network Monitoring: Deploy network security monitoring solutions specifically designed for OT environments. These tools can passively monitor traffic, identify assets, and detect anomalous behavior or the use of proprietary industrial protocols for malicious purposes.
• Log Analysis: Collect and analyze logs from ICS/SCADA applications, historians, and HMIs. Look for unauthorized login attempts, configuration changes, or commands issued outside of normal operational parameters.
• Asset Inventory: Maintain a detailed inventory of all ICS assets, including firmware versions and patch status, to quickly identify systems affected by new advisories.

Mitigation

CISA recommends that asset owners take the following defensive measures:

• Review Advisories: Immediately review the specific advisories from CISA for detailed information on the vulnerabilities, affected products, and recommended mitigations.
• Apply Updates: Apply the patches and updates provided by Hitachi Energy and Mitsubishi Electric as soon as is feasible within a planned maintenance window.
• Minimize Network Exposure: Isolate ICS networks from corporate IT networks and the internet. Use firewalls and unidirectional gateways to control all traffic between OT and IT environments.
• Secure Remote Access: If remote access to the OT network is required, ensure it is done through a secure, MFA-enabled VPN or other secure access solution with strict access controls and monitoring.