ICSA-23-138-03  ·  Published 2023-05-18

Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

CVSS 6.7 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected product.

CVEs (1)

Remediations

Hitachi Energy has released the following mitigations/fixes:

  • SYS600 9.x: upgrade to at least SYS600 version 10.2 or apply general mitigation factors.
  • SYS600 10.x: update to at least SYS600 version 10.2 or apply general mitigation factors.

Hitachi Energy recommends general mitigation factors and workarounds:

  • Recommended security practices and firewall configurations can help protect a process control network from attacks originating from outside the network.
  • Keep process control systems physically protected from direct access by unauthorized personnel.
  • Ensure process control systems have no direct connections to the internet and are separated from other networks by a firewall system that has a minimal number of ports exposed; other practices must be evaluated case by case.
  • Avoid using process control systems for internet surfing, instant messaging, or receiving emails.
  • Carefully scan portable computers and removable storage media for malware before connection to a control system.
  • Ensure proper password policies and processes are followed.

Hitachi Energy recommends following the cybersecurity deployment guideline 1MRK511518 MicroSCADA X Cyber Security Deployment Guideline.

For more information, see Hitachi Energy cybersecurity advisory 8DBD000142.

Affected Vendors

Hitachi Energy

Affected Products (2)

Hitachi Energy · SYS600 9.4 | FP2 Hotfix 5
Hitachi Energy · SYS600 10.1.1

Affected Sectors

Energy
