Hitachi Energy IED Connectivity Packages and PCM600 Products (Update A)

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to obtain sensitive credentials and gain access to the affected products, perform unauthorized modifications, or provoke a denial-of-service condition.

CVEs (1)

Remediations

• Hitachi Energy released the following recommended immediate actions:
• Update to PCM600 v2.11 Hotfix 20240426 or apply mitigation factors/workarounds as described below.
• After applying the hotfix, reimport and export the backup files to secure that they do not contain this vulnerability. More information to deploy PCM600 securely can be found in the following documents:
• 1MRS758440, PCM600 Cyber Security Deployment Guideline
• Hitachi Energy recommends the following steps to mitigate the risk of vulnerability exploitation:
• Implement the least privilege principle, continuously revising permissions and accesses to PCM600 related resources, including the backup file, PCMI, PCMP, PCMA and PCMT files.
• Use a firewall system with the minimal number of exposed ports to help protect a process control network from attacks originating from outside the network.
• Protect process control systems from direct, physical access by unauthorized personnel.
• Ensure process control systems are not directly connected to the internet.
• Separate process control systems from other networks via network segmentation techniques.
• Avoid using process control systems for browsing the internet, instant messaging, or receiving emails.
• Scan removable storage media for malware prior to connection to a process control system.
• For more information, see Hitachi Energy's Cybersecurity Advisory.

Affected Vendors

Affected Products (6)

Affected Sectors

Energy