ICSA-22-249-04  ·  Published 2022-09-06

Hitachi Energy TXpert Hub CoreTec 4

CVSS 6.0 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the product, modify configuration, obtain sensitive information from the device, and load malicious firmware.

Remediations

  • To remediate CVE-2021-35530 and CVE-2021-35531 specifically, Hitachi Energy recommends updating the affected products to TXpert Hub CoreTec 4 version 2.3.0 or higher.
  • Physically protect process control systems from unauthorized direct access.
  • Do not expose process control systems to the internet.
  • Use a firewall system with the necessary ports open to separate process control systems from other networks.
  • Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
  • Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.
  • Ensure users of the system have individual user accounts. Shared user accounts should not be used.
  • Users should have only the necessary rights required.
  • System default user accounts should be deleted.
  • Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.
  • For more information, see Hitachi Energy security advisory 8DBD000080.

Affected Vendors

Hitachi Energy

Affected Products (3)

Hitachi Energy · TXpert Hub CoreTec 4 2.2.0 | 2.2.1
Hitachi Energy · TXpert Hub CoreTec 4 2.0.0 | 2.0.1
Hitachi Energy · TXpert Hub CoreTec 4 2.1.0 | 2.1.1 | 2.1.2 | 2.1.3

Affected Sectors

Energy
