Hitachi Energy Gateway Station

Risk Summary

Successful exploitation of these vulnerabilities could cause part of GWS fail to start, allow unauthorized actors to run scripts, and/or cause a denial-of-service.

CVEs (4)

Remediations

• Hitachi Energy has created an update to address the reported vulnerabilities and recommends users update to at least GWS version 3.3.0.0
• Hitachi Energy recommends the following general mitigation factors and security practices:
• Configure firewalls to protect process control networks from attacks originating from outside the network
• Physically protect process control systems from direct access by unauthorized personnel
• Avoid directly connecting control systems to the internet
• Separate process control networks from other networks using a firewall system with a minimal number of ports exposed
• Process control systems should not be used for internet surfing, instant messaging, or receiving emails
• Portable computers and removable storage media should be carefully scanned for viruses before connecting to a control system
• Enforce proper password policies and processes
• For more information, see Hitachi security advisory 8DBD000116.

Affected Vendors

Affected Products (3)

Affected Sectors

Energy