Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information.

CVEs (1)

Remediations

• TXpert Hub CoreTec 4: version 2.3.0
• Physically protect process control systems from unauthorized direct access.
• Do not expose process control systems to the internet.
• Use a firewall system with the necessary ports open to separate process control systems from other networks.
• Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
• Portable computers and removable storage media should be carefully scanned for viruses before connecting to process control systems.
• Remove secure remote access (SSH) as described in the system hardening section of the security deployment guidelines. This will not remove the vulnerable component, but it will remove the ability of an attacker to remotely access the command line interface and exploit the vulnerability.
• Additionally, Hitachi Energy recommends following product Security Deployment Guidelines. Recommended practices for the affected product can be found in the TXpert Hub CoreTec 4 Software Manual.
• For more information, see Hitachi security advisory 8DBD000081

Affected Vendors

Affected Products (3)

Affected Sectors

Energy