ICSA-22-263-01  ·  Published 2022-09-20

Hitachi Energy PROMOD IV

CVSS 9.0 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to delete arbitrary files once the system is compromised.

CVEs (1)

Remediations

  • Hitachi Energy is developing PROMOD IV version 11.5, which will contain a patch to resolve the vulnerability.
  • Actbar2.ocx is no longer used by PROMOD IV. Users are encouraged to remove Actbar2.ocx.
  • Physically protect process control systems from unauthorized direct access.
  • Separate process control systems from other networks using a firewall system with the minimal number of ports open.
  • Process control systems should not be used for internet browsing, instant messaging, or receiving emails.
  • PROMOD IV should be deployed inside the enterprise's demilitarized zone (DMZ) network.
  • Portable computers and removable storage media should be carefully scanned for viruses before connecting to a control system.
  • Users should follow the hardening guidelines published by The Center for Internet Security (CIS) to protect the host operating system.
  • For more information, see Hitachi Energy advisory 8DBD000108.
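
To support the Actbar2.ocx removal step above, the following PowerShell inventory is an added example, not code from Hitachi Energy or CISA. It reports copies of the control on disk and any COM registrations that still point at it, without changing anything; the search roots are assumptions and should be extended with the site's actual PROMOD IV install directory.

```powershell
# Added example: inventory Actbar2.ocx before removal. Run from an elevated prompt.
# Search roots are assumptions; add the PROMOD IV install directory used at your site.
$target = 'Actbar2.ocx'
$roots  = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'SysWOW64')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Copies of the control on disk
$files = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter $target -File -Recurse -ErrorAction SilentlyContinue
}
$files = @($files | Sort-Object FullName -Unique)

# 2. COM registrations (64-bit and 32-bit registry views) whose server path is the control
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
) | Where-Object { Test-Path $_ }

$registrations = foreach ($clsidRoot in $clsidRoots) {
    foreach ($clsid in Get-ChildItem -Path $clsidRoot -ErrorAction SilentlyContinue) {
        $sub = $clsid.OpenSubKey('InprocServer32')
        if ($null -eq $sub) { continue }
        $server = $sub.GetValue('')          # default value holds the server path
        $sub.Close()
        if ($server -and ($server -like "*$target*")) {
            [pscustomobject]@{ Clsid = $clsid.PSChildName; View = $clsidRoot; Server = $server }
        }
    }
}

# 3. Report: path, version and hash of each copy, then the registrations found
$files | ForEach-Object {
    [pscustomobject]@{
        Path    = $_.FullName
        Version = $_.VersionInfo.FileVersion
        SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Format-List
$registrations | Format-Table -AutoSize

# 4. Print (do not run) the unregister command for each registered copy.
#    For entries under WOW6432Node, use the regsvr32.exe in SysWOW64.
foreach ($r in $registrations) { "regsvr32.exe /u `"$($r.Server)`"" }
```

Unregister each listed copy before deleting the file, then rerun the script to confirm that both lists come back empty.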

Affected Vendors

Hitachi Energy

Affected Products (1)

Hitachi Energy · Hitachi Energy PROMOD IV 11.2 | 11.3 | 11.4

Affected Sectors

Energy
