Which versions of FOX61x are affected by this vulnerability?

Versions R18 and R17A and earlier of Hitachi Energy's FOX61x products are affected by CVE-2024-3596.

What mitigation steps should be taken to address this vulnerability?

Organizations should enable the RADIUS Message-Authenticator option in both the FOX61x and RADIUS Server configurations and consider updating to FOX61x R18. Additionally, implementing general security practices and firewall configurations is recommended.

Critical Vulnerability in Hitachi Energy's FOX61x Products (CVE-2024-3596)

Q: What is CVE-2024-3596?

CVE-2024-3596 is a critical vulnerability in Hitachi Energy's FOX61x products that allows attackers to modify RADIUS responses through an MD5 collision attack, potentially compromising system security.

A newly disclosed vulnerability in Hitachi Energy's FOX61x devices poses significant security risks. Learn about the implications and recommended mitigations.

Published: February 6, 2026

Share this on:

Executive Summary

In January 2026, Hitachi Energy disclosed a critical vulnerability (CVE-2024-3596) in its FOX61x products, specifically affecting versions R18 and R17A and earlier. This flaw, inherent in the RADIUS protocol under RFC 2865, allows local attackers to modify valid responses through a chosen-prefix collision attack on the MD5 Response Authenticator signature. Exploitation could compromise the confidentiality, integrity, and availability of the affected systems. The vulnerability is particularly relevant when FOX61x devices are configured to use remote RADIUS authentication. (it4automation.com)

This incident underscores the persistent risks associated with legacy authentication protocols and the importance of implementing robust security measures. Organizations utilizing FOX61x devices are urged to apply the recommended mitigations promptly to prevent potential exploitation.

Why This Matters Now

The disclosure of CVE-2024-3596 highlights the critical need for organizations to reassess and strengthen their authentication mechanisms, especially in industrial control systems. With the increasing sophistication of cyber threats targeting infrastructure, timely remediation of such vulnerabilities is essential to maintain operational security and resilience.

Attack Path Analysis

An attacker exploited the RADIUS protocol vulnerability (CVE-2024-3596) in Hitachi Energy FOX61x devices to forge authentication responses, gaining unauthorized access. They escalated privileges by modifying RADIUS responses to grant higher-level access. The attacker moved laterally within the network by accessing other systems authenticated via the compromised RADIUS server. They established command and control by maintaining persistent access through the manipulated authentication system. Sensitive data was exfiltrated by accessing and transferring information from systems authenticated via the compromised RADIUS server. The attack impacted confidentiality, integrity, and availability by allowing unauthorized access and potential data manipulation.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

Mediuminferred

Lateral Movement

Mediuminferred

Command & Control

Lowinferred

Exfiltration

Lowinferred

Impact

Lowinferred

Initial Compromise

Description

The attacker exploited the RADIUS protocol vulnerability (CVE-2024-3596) in Hitachi Energy FOX61x devices to forge authentication responses, gaining unauthorized access.

Confidence:

High

Related CVEs

Included CVEs with severity scores, affected products, exploit status, and reference links.

CVE-2024-3596
CVSS 9
The RADIUS protocol under RFC 2865 is vulnerable to forgery attacks that allow a local attacker to modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into another response by exploiting a chosen-prefix collision attack on the MD5 Response Authenticator signature.
Affected Products:
Hitachi Energy FOX61x – <= R17A
Exploit Status:
no public exploit
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-06

MITRE ATT&CK® Techniques

Techniques identified for SEO/filtering; may be expanded with full STIX/TAXII enrichment later.

Defense Evasion

T1550

Use Alternate Authentication Material

Defense Evasion

T1550.001

Application Access Token

Defense Evasion

T1550.002

Pass the Hash

Defense Evasion

T1550.003

Pass the Ticket

Defense Evasion

T1550.004

Web Session Cookie

Collection

T0830

Adversary-in-the-Middle

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Strong Cryptography for Authentication

Control ID: 8.2.2

The use of MD5 in RADIUS authentication responses does not meet the strong cryptographic requirements, exposing authentication processes to potential forgery attacks.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The vulnerability indicates a lack of robust cybersecurity policies governing the use of secure authentication protocols, leading to potential unauthorized access.

DORA – ICT Risk Management Framework

Control ID: Article 6

The incident reveals deficiencies in the ICT risk management framework, particularly in identifying and mitigating risks associated with outdated cryptographic protocols.

CISA ZTMM 2.0 – Identity and Access Management

Control ID: 3.1

The exploitation of the RADIUS protocol vulnerability suggests inadequate identity and access management controls, compromising the integrity of authentication mechanisms.

NIS2 Directive – Security Measures

Control ID: Article 21

The incident highlights a failure to implement appropriate technical and organizational measures to manage risks posed by vulnerabilities in network protocols.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Utilities

Critical vulnerability in Hitachi Energy FOX61x RADIUS authentication affects power grid control systems, enabling forgery attacks compromising operational technology security.

Oil/Energy/Solar/Greentech

Energy sector infrastructure using FOX61x devices faces high-severity authentication bypass risks, potentially disrupting critical energy production and distribution operations.

Critical Manufacturing

Manufacturing control systems vulnerable to MD5 collision attacks through compromised RADIUS authentication, risking production integrity and operational availability disruptions.

Government Administration

Government critical infrastructure dependent on FOX61x industrial control systems exposed to network-based authentication forgery attacks with confidentiality implications.

Sources

Hitachi Energy FOX61xhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-036-06
Verified

CVE-2024-3596 Detailhttps://nvd.nist.gov/vuln/detail/CVE-2024-3596

Verified

Hitachi Energy Cybersecurity Trust Centerhttps://www.hitachienergy.com/products-and-solutions/cybersecurity/cybersecurity-trust-center

Verified

Frequently Asked Questions

CVE-2024-3596 is a critical vulnerability in Hitachi Energy's FOX61x products that allows attackers to modify RADIUS responses through an MD5 collision attack, potentially compromising system security.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could likely reduce the attacker's ability to exploit authentication vulnerabilities and limit unauthorized lateral movement within the network.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The attacker's ability to exploit authentication vulnerabilities would likely be constrained, reducing the risk of unauthorized access.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: The attacker's ability to escalate privileges would likely be constrained, reducing the risk of unauthorized access to sensitive systems.

Lateral Movement

Control: East-West Traffic Security

Mitigation: The attacker's ability to move laterally within the network would likely be constrained, reducing the risk of widespread compromise.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: The attacker's ability to maintain persistent access would likely be constrained, reducing the risk of prolonged unauthorized control.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: The attacker's ability to exfiltrate sensitive data would likely be constrained, reducing the risk of data loss.

Impact (Mitigations)

The attacker's ability to compromise confidentiality, integrity, and availability would likely be constrained, reducing the overall impact of the attack.

Impact at a Glance

Affected Business Functions

Network Authentication Services
Remote Access Management

Operational Disruption

Estimated downtime: N/A

Financial Impact

Estimated loss: N/A

Data Exposure

Potential exposure of authentication credentials and unauthorized access to network resources.

Recommended Actions

• Implement Encrypted Traffic (HPE) to secure data in transit and prevent unauthorized access.
• Deploy Zero Trust Segmentation to enforce least privilege access and limit lateral movement.
• Utilize East-West Traffic Security to monitor and control internal network communications.
• Establish Multicloud Visibility & Control to detect and respond to anomalous activities across environments.
• Enforce Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Critical Vulnerability in Hitachi Energy's FOX61x Products (CVE-2024-3596)

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

Related CVEs

CVE-2024-3596

Affected Products:

Exploit Status:

References:

MITRE ATT&CK® Techniques

Use Alternate Authentication Material

Application Access Token

Pass the Hash

Pass the Ticket

Web Session Cookie

Adversary-in-the-Middle

Potential Compliance Exposure

PCI DSS 4.0 – Strong Cryptography for Authentication

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

CISA ZTMM 2.0 – Identity and Access Management

NIS2 Directive – Security Measures

Sector Implications

Utilities

Oil/Energy/Solar/Greentech

Critical Manufacturing

Government Administration

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads