ICSA-22-116-01  ·  Published 2022-04-26

Hitachi Energy System Data Manager

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to eavesdrop on traffic or to cause a denial-of-service condition.

Remediations

  • The vulnerabilities are remediated as of SDM600 Version 1.2 FP2 HF10 (Build Nr. 1.2.14002.506). Hitachi Energy recommends that users apply the update at their earliest convenience from the SDM600 product website.
  • Implement and continuously revise least-privilege principles to minimize permissions and access to SDM600-related resources.
  • Follow the security practices defined in the SDM600 security deployment guideline and firewall configurations to help protect process control networks from attacks that originate from outside the network. Such practices include that process control systems are: physically protected from direct access by unauthorized personnel; not directly connected to the Internet; separated from other networks by means of a firewall system that has a minimal number of ports exposed; and not used for Internet surfing, instant messaging, or receiving e-mails.
  • Carefully scan portable computers and removable storage media for viruses before connecting to a control system.
  • For additional information, see the Hitachi Energy security advisory.

Affected Vendors

Hitachi Energy

Affected Products (1)

Hitachi Energy · All System Data Manager - SDM600 <1.2 FP2 HF10 (Build Nr. 1.2.14002.506)

Affected Sectors

Energy
