
CVE-2025-2403: CWE-770 Allocation of Resources Without Limits or Throttling in Hitachi Energy Relion 670/650 and SAM600-IO

Severity: High
Published: Tue Jun 24 2025 (06/24/2025, 11:33:10 UTC)
Source: CVE Database V5
Vendor/Project: Hitachi Energy
Product: Relion 670/650 and SAM600-IO

Description

A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series devices that, if exploited, could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction.

AI-Powered Analysis

AI analysis last updated: 06/24/2025, 12:09:49 UTC

Technical Analysis

CVE-2025-2403 is a high-severity denial-of-service (DoS) vulnerability affecting Hitachi Energy's Relion 670/650 and SAM600-IO series devices, specifically versions 2.2.2.6 through 2.2.6.0. These devices are critical components in electrical grid protection and automation systems. The vulnerability is classified under CWE-770: the devices allocate resources without adequate limits or throttling. Specifically, they improperly prioritize network traffic over their protection mechanisms, which an unauthenticated attacker can exploit remotely over the network without user interaction. Exploitation can cause critical functions such as the Line Distance Communication Module (LDCM) to malfunction, potentially disrupting protective relaying and communication essential for grid stability.

The CVSS v3.1 score of 7.5 reflects high severity: network attack vector, low attack complexity, no privileges or user interaction required, and an impact limited to availability (no confidentiality or integrity impact). No known exploits are currently reported in the wild, and no patches have been linked yet. The root cause is the lack of resource allocation limits or throttling, which allows an attacker to overwhelm the device's processing capabilities and deny critical protective functions. Given the role of these devices in power grid protection, the vulnerability poses a significant risk to operational continuity and grid reliability if exploited.

Potential Impact

For European organizations, especially utilities and critical infrastructure operators, this vulnerability could have severe operational impacts. The Relion 670/650 and SAM600-IO devices are widely used in electrical substations for protection and automation. A successful DoS attack could disable or degrade protective relaying functions, leading to delayed fault detection and isolation, increasing the risk of cascading failures or prolonged outages. This could affect power distribution reliability, potentially causing blackouts or equipment damage. The impact is primarily on availability, with no direct confidentiality or integrity compromise, but the operational disruption could have significant downstream effects on service continuity and safety. Given the increasing digitization and interconnectivity of European power grids, such vulnerabilities could be leveraged in coordinated attacks targeting grid stability. The lack of required authentication and user interaction lowers the barrier for exploitation, increasing the threat level. Although no exploits are currently known, the critical nature of the devices and their deployment in essential services make this vulnerability a high priority for mitigation.

Mitigation Recommendations

1. Immediate network-level mitigation: Implement strict network segmentation and access control lists (ACLs) to restrict traffic to Relion 670/650 and SAM600-IO devices only from trusted management and operational networks.
2. Rate limiting and traffic prioritization: Deploy network devices capable of rate limiting and prioritizing legitimate protection traffic to prevent resource exhaustion attacks.
3. Monitoring and anomaly detection: Enhance monitoring of network traffic patterns to these devices to detect unusual spikes or malformed packets indicative of exploitation attempts.
4. Vendor coordination: Engage with Hitachi Energy to obtain patches or firmware updates addressing this vulnerability as soon as they become available.
5. Incident response readiness: Prepare operational procedures to quickly isolate affected devices and switch to backup protection schemes in case of suspected DoS attacks.
6. Firmware version auditing: Inventory and verify device firmware versions to identify and prioritize updates for vulnerable versions 2.2.2.6 through 2.2.6.0.
7. Harden device configurations: Disable unnecessary network services and interfaces on the devices to reduce attack surface.
8. Conduct penetration testing and red teaming exercises focused on these devices to validate defenses and detection capabilities.
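As an added example for item 6 (not code from Hitachi Energy or from this database): a short audit that flags inventory entries whose firmware falls in the range this page gives, 2.2.2.6 through 2.2.6.0. The CSV column names, hostnames and sample versions are constructed assumptions; versions are compared numerically per component, and entries with unreadable firmware strings are reported separately.

```python
import csv
import io

# Affected range as stated on this page (inclusive on both ends).
AFFECTED_MIN = (2, 2, 2, 6)
AFFECTED_MAX = (2, 2, 6, 0)
AFFECTED_PRODUCTS = ("relion 670", "relion 650", "sam600-io")

# Constructed sample inventory; hostnames, columns and versions are assumptions.
SAMPLE_INVENTORY = """hostname,product,firmware
sub01-ied-a,Relion 670,2.2.5.3
sub01-ied-b,Relion 650,2.2.2.6
sub02-ied-a,Relion 670,2.2.10.0
sub02-mu-a,SAM600-IO,2.2.6.0
sub03-ied-a,Relion 670,2.1.0.4
sub03-ied-b,Relion 650,unknown
sub04-rtu-a,Other RTU,2.2.4.0
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not N.N.N.N."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Classify each in-scope device as affected, not_affected or unverified."""
    report = {"affected": [], "not_affected": [], "unverified": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() not in AFFECTED_PRODUCTS:
            continue  # product is not one of those named on this page
        version = parse_version(row["firmware"])
        if version is None:
            # Unknown firmware needs manual follow-up; never assume it is safe.
            report["unverified"].append(row["hostname"])
        elif AFFECTED_MIN <= version <= AFFECTED_MAX:
            # Tuple comparison is numeric, so 2.2.10.0 sorts above 2.2.6.0.
            report["affected"].append(row["hostname"])
        else:
            report["not_affected"].append(row["hostname"])
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```
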


Technical Details

Data Version: 5.1
Assigner Short Name: Hitachi Energy
Date Reserved: 2025-03-17T10:36:28.911Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 685a91fedec26fc862d97bee

Added to database: 6/24/2025, 11:54:38 AM

Last enriched: 6/24/2025, 12:09:49 PM

Last updated: 8/18/2025, 12:52:24 PM
