pcm600 vulnerability

The pcm600 vulnerability tag covers a path-traversal flaw in Hitachi Energy's PCM600 engineering software, used to configure protection-and-control equipment in the energy sector. CISA republished an advisory on May 5, 2026, warning that affected legacy and 3.x versions mishandle malicious ZIP archives, allowing attackers to write files outside the intended extraction path. While the CVSS score is medium, the issue is notable because a 2018 software-supply-chain bug has resurfaced in industrial tooling. For operators, this highlights that engineering workstations are part of the attack surface. Discussions on WindowsForum.com focus on the implications for OT environments and the need for patching legacy systems.