ICSA-23-129-02
Published 2023-05-10
Hitachi Energy MSM
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to obtain user access credentials of the MSM web interface or cause a denial-of-service condition.
CVEs (8)
Remediations
- MSM is not intrinsically designed nor intended to be directly connected to the internet. Users should disconnect the device from any internet-facing network.
- Hitachi Energy suggests adopting user access management and antivirus protection software equipped with the latest signature rules on hosts with the Manufacturing Message Specification (MMS) Client application installed. Users can implement the operating system user access management functionality, if supported, to limit the probability of unauthorized access followed by rogue commands at the operating system level via the MMS client application.
- Also, Hitachi Energy recommends following the hardening guidelines published by “The Center for Internet Security (CIS)” to protect the host operating system of machines connecting with MSM. These guidelines help prevent the lateral movement of the attack vector into MSM via these connected devices. Some examples for Windows-based computers include:
  - CIS Microsoft Windows Desktop Benchmarks (cisecurity.org)
  - CIS Microsoft Windows Server Benchmarks (cisecurity.org)
- According to Hitachi Energy, users should follow recommended security practices and firewall configurations to help protect a network from outside attacks, including:
  - Physically protecting systems from direct access by unauthorized personnel.
  - Ensuring monitoring systems have no direct connections to the internet.
  - Separating monitoring system networks from other networks using a firewall system with a minimal number of ports exposed.
- Hitachi advises that monitoring systems should not be used for internet surfing, instant messaging, or receiving emails. Portable computers and removable storage media should be carefully scanned for malware prior to connection to monitoring systems.
- For more information, see Hitachi Energy advisory 8DBD000154.
Affected Vendors
Hitachi Energy
Affected Products (1)
Hitachi Energy MSM 2.2.5
Affected Sectors
Energy