IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Hitachi Energy e-mesh EMS

HIGH
CVSS 8.1
Date 2026-07-07T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-42945 8.1 high
CVE-2026-42945. NGINX Plus and NGINX Open Source used in e-mesh EMS have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. e-mesh EMS versions using NGINX v1.30.0 and below are affected.

// Remediations (3)

Mitigation: Underlying Ubuntu Server 20.04 LTS is End of Life. For e-mesh EMS versions 4.1.6/4.4.2 using Ubuntu
Underlying Ubuntu Server 20.04 LTS is End of Life. For e-mesh EMS versions 4.1.6/4.4.2 using Ubuntu 20.04 LTS, upgrade to Ubuntu Server 22.04, or 24.04, or activate Ubuntu Pro/ESM as an interim measure.
Patch: Apply hotfix for respective e-mesh EMS versions to update NGINX to either v1.30.2 or latest
Apply hotfix for respective e-mesh EMS versions to update NGINX to either v1.30.2 or latest
Mitigation: Ensure rewrite configuration does not contain "?" to replace unnamed captures, and ensure ASLR is se
Ensure rewrite configuration does not contain "?" to replace unnamed captures, and ensure ASLR is set to active (value=2) across all deployment targets covering all 3 versions.

// References