ICSA-22-272-01 · Published 2022-09-29 · View on CISA ICS-CERT ↗

Hitachi Energy MicroSCADA Pro X SYS600

CVSS 8.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could cause SYS600 fail to start or an unauthorized actor to run scripts, and could cause a denial-of-service condition.

CVEs (5)

CVE-2022-1778 CVE-2022-2277 CVE-2022-29490 CVE-2022-29492 CVE-2022-29922

Remediations

For SYS600: 9.x upgrade to at least SYS600 version 10.4.
For SYS600: 10.x update to at least SYS600 version 10.4.
Do not enable ICCP if it is not used.
Hitachi Energy recommends following 1MRK511518 MicroSCADA X Cyber Security Deployment Guideline
For additional information and support users should contact Hitachi Energy.
Physically protect process control systems from unauthorized direct access.
Separate process control systems from the internet and other networks using a firewall system with minimal open ports.
Process control systems should not be used for internet surfing, instant messaging, or email.
Portable computers and removable storage media should be carefully scanned for viruses before connecting to a control system.
For more information, see Hitachi Energy advisory 8DBD000106

Affected Vendors

Hitachi Energy

Affected Products (2)

Hitachi Energy · SYS600 <= 10.3.1

Hitachi Energy · SYS600 <=9.4 FP2 Hotfix 4

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more