Hitachi Energy RTU500 OpenLDAP

Risk Summary

Successful exploitation of these vulnerabilities could cause a denial-of-service condition in the affected version of the RTU500 series product.

CVEs (2)

Remediations

• RTU500 series CMU: Firmware Versions 12.4.X to Version 12.4.11 (to be released by end of January 2022)
• RTU500 series CMU: Firmware Versions 12.6.X to Version 12.6.7
• RTU500 series CMU: Firmware Versions 12.7.X to Version 12.7.2
• RTU500 series CMU: Firmware Versions 13.0.X to Version 13.2.3
• RTU500 series CMU: Firmware Versions 13.1.X to Version 13.2.3
• RTU500 series CMU: Firmware Versions 13.2.X to Version 13.2.3
• As the vulnerabilities affect only the RTU500 series in which CAM function is configured and enabled, a possible mitigation is to disable the CAM function if it is not used.
• The CAM function is disabled by default.
• Physically protect process control systems from direct access by unauthorized personnel.
• Do not directly connect to the Internet.
• Separate from other networks by means of a firewall system that has a minimal number of ports exposed.
• Process control systems should not be used for Internet surfing, instant messaging, or receiving emails.
• Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Please see Hitachi Energy advisory 8DBD000066 for further mitigation and update information.

Affected Vendors

Affected Products (6)

Affected Sectors

Energy