ICSA-21-336-06 · Published 2021-12-02 · View on CISA ICS-CERT ↗

Hitachi Energy APM Edge

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could cause the product to become inaccessible.

CVEs (29)

CVE-2021-3449 CVE-2020-1971 CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 CVE-2021-23840 CVE-2021-23841 CVE-2017-8872 CVE-2019-20388 CVE-2020-24977 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 CVE-2020-14372 CVE-2020-25632 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233

Remediations

Hitachi Energy recommends users update to Transformer APM Edge v4.0. This version updates the software components to remediate this vulnerability.
Physically protect process control systems from direct access by unauthorized personnel.
Do not directly connect to the Internet.
Separated from other networks by means of a firewall system that has a minimal number of ports exposed.
Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.
Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
Please see Hitachi Energy advisory 8DBD000057 for additional mitigation and update information.

Affected Vendors

Hitachi Energy

Affected Products (3)

Hitachi Energy · APM Edge 3.0

Hitachi Energy · APM Edge 2.0

Hitachi Energy · APM Edge 1.0

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more