ICSA-21-236-01 · Published 2021-08-24
Hitachi ABB Power Grids TropOS
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to direct a client that is connected to a TropOS Wi-Fi access point to fake websites and extract sensitive data.
CVEs (12)
Remediations
- Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.
- Disable Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. To do this, do not enable the local access SSID, or disable it if it is already enabled.
- Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.
- Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.
- As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.
Affected Vendors
Hitachi Energy
Affected Products (1)
Hitachi Energy · TropOS <= 8.9.4.8
Affected Sectors
Critical Manufacturing, Energy