ICSA-22-111-03 · Published 2022-04-21 · View on CISA ICS-CERT ↗

Hitachi Energy MicroSCADA Pro/X SYS600

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to eavesdrop on traffic between network source and destination, gain unauthorized access to information, or cause a denial-of-service condition.

CVEs (9)

CVE-2020-1968 CVE-2020-8265 CVE-2020-8287 CVE-2020-8201 CVE-2020-8252 CVE-2020-8172 CVE-2020-8174 CVE-2021-32027 CVE-2021-32028

Remediations

Hitachi Energy recommends users update to Versions 10.3 or later. For obtaining the update users should contact the Hitachi Energy technical support team. If users don't know who to contact, they should reach the closest Hitachi Energy sales office.
Hitachi Energy recommends security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network. Such practices include physically protecting process control systems from direct access by unauthorized personnel, having no direct connections to the Internet, separating from other networks by means of a firewall system that has a minimal number of ports exposed, and others that must be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
For more information see Hitachi Energy advisory 8DBD000075

Affected Vendors

Hitachi Energy

Affected Products (3)

Hitachi Energy · SYS600 <= 10.1.1

Hitachi Energy · SYS600 <=9.4 FP1 | >= 10.2.1

Hitachi Energy · SYS600 >= 10.0.0 | <= 10.2.1

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more