ICSA-23-269-02
·
Published 2023-09-26
·
View on CISA ICS-CERT ↗
Hitachi Energy Asset Suite 9
CVSS 6.9
MEDIUM
Risk Summary
Successful exploitation of this vulnerability could allow an authenticated user to enter an arbitrary password to execute equipment tag out actions.
CVEs (1)
Remediations
- Hitachi Energy recommends applying one the following mitigation actions until a fix has been delivered in a patch:
- Configure Asset Suite 9 with a different authentication method other than SSO.
- Configure Asset Suite security to disallow holder actions to be taken on behalf of other employees by removing authorization for the following security events to all users: T214ACT, T214RLS, and T214CLR.
- Set Equipment Tag Out preference 'C/O HOLDER PSWD' to 'N'.
- For more information, see Hitachi Energy advisory 8DBD000172
Affected Vendors
Hitachi Energy
Affected Products (2)
Hitachi Energy
·
Asset Suite
<= 9.6.3.11.1
Hitachi Energy
·
Asset Suite
9.6.4
Affected Sectors
Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more