CVE-2025-39201 is a vulnerability identified in Hitachi Energy's MicroSCADA X SYS600 product, specifically version 10.0. The root cause is incorrect default permissions (CWE-276) on system files, which allows a local attacker with limited privileges (but no authentication required) to tamper with critical system files. This tampering can lead to a denial of service (DoS) condition affecting the Notify service within the MicroSCADA environment. The Notify service is likely responsible for alerting or communication functions critical to supervisory control and data acquisition (SCADA) operations. The vulnerability does not impact confidentiality but affects integrity and availability, as unauthorized modification of system files can disrupt service availability. The CVSS v3.1 score is 6.1 (medium severity) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, indicating local attack vector, low attack complexity, requiring low privileges, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and high availability impact. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on June 24, 2025, with the issue reserved since April 16, 2025. The problem stems from default permissions that are too permissive, allowing unauthorized local modification of system files critical to Notify service operation, which can cause service denial and potentially disrupt SCADA system monitoring and control functions.

For European organizations, particularly those in critical infrastructure sectors such as energy and utilities, this vulnerability poses a significant risk. MicroSCADA X SYS600 is a SCADA system used for monitoring and controlling electrical grids and other industrial processes. Disruption of the Notify service could delay or prevent critical alerts and notifications, impairing operators' situational awareness and response capabilities. This may lead to operational downtime, reduced reliability of energy distribution, and potential cascading failures in interconnected systems. While the vulnerability requires local access with low privileges, insider threats or attackers who gain initial foothold through other means could exploit this to escalate disruptions. The lack of confidentiality impact reduces risk of data leakage, but integrity and availability impacts are critical in industrial control systems. European energy providers and utilities relying on Hitachi Energy SCADA solutions could face operational interruptions, regulatory scrutiny, and financial losses if exploited. The absence of known exploits suggests a window for proactive mitigation, but the medium severity and potential for denial of service in critical infrastructure warrant urgent attention.

Immediately review and harden file system permissions on MicroSCADA X SYS600 installations, ensuring that system files related to the Notify service are accessible only by authorized system processes and administrators. Implement strict access controls and monitoring on systems running MicroSCADA X SYS600 to detect unauthorized local access attempts or file modifications. Restrict local user accounts and limit the number of users with local access to SCADA systems, employing the principle of least privilege. Deploy host-based intrusion detection systems (HIDS) to monitor integrity of critical system files and alert on unauthorized changes. Establish network segmentation to isolate SCADA systems from general IT networks, reducing the risk of lateral movement by attackers. Coordinate with Hitachi Energy for timely release and application of official patches or updates addressing this vulnerability once available. Conduct regular security audits and penetration testing focusing on local privilege escalation and file permission weaknesses within SCADA environments. Develop and rehearse incident response plans specifically for SCADA service disruptions to minimize operational impact if exploitation occurs.