Risk Summary
Successful exploitation of these vulnerabilities could result in a denial-of-service condition on both the logging function of the device and its associated server.
CVEs (2)
Remediations
- Hitachi Energy has fixed the vulnerabilities in the following versions, and recommends users update their systems to the appropriate version:
- PCU400: Version 9.3.8 or 9.4 or later
- PCULogger: Version 1.1.0 or later
- Users should contact a Hitachi Energy representative for instructions on acquiring and installing the new versions.
- Hitachi Energy encourages users to apply recommended security practices and firewall configurations. These practices include, but are not limited to:
- Protect process control systems from physical access by unauthorized personnel.
- Do not allow process control systems to have direct connections to the Internet.
- Separate process control systems from other networks by means of a firewall system that has a minimal number of ports exposed.
- Apply security updates to installed software components.
- Do not use process control systems for personal use, such as web browsing or checking emails.
- Carefully scan portable computers and removable storage media for viruses before they are connected to a control system.
- For more information, see Hitachi Energy advisory 8DBD000137.
Affected Vendors
Hitachi Energy
Affected Products (2)
Hitachi Energy
·
PCU400
>= 9.3.0 - but not including 9.3.8
Hitachi Energy
·
PCULogger tool
1.0.1
Affected Sectors
Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more