ICSA-24-205-02
·
Published 2024-07-23
·
View on CISA ICS-CERT ↗
Hitachi Energy AFS/AFR Series Products
CVSS 7.5
HIGH
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition.
Remediations
- Hitachi Energy has released the following mitigations/fixes:
- AFS650: Update to AFS 650 firmware version 9.1.10
- AFS660-C, AFS665-B, AFS670-V2: Update to AFS 66x firmware version 7.1.08
- AFS670/675/677, AFR677: Update to AFS/AFR 67x firmware version 9.1.10
- In addition, recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
- For more information, see Hitachi Energy's Cybersecurity Advisory.
Affected Vendors
Hitachi Energy
Affected Products (8)
Hitachi Energy
·
AFS650
<=9.1.08
Hitachi Energy
·
AFS660-C
<=7.1.05
Hitachi Energy
·
AFS665-B
<=7.1.05
Hitachi Energy
·
AFS670-V2
<=7.1.05
Hitachi Energy
·
AFS670
<=9.1.08
Hitachi Energy
·
AFS675
<=9.1.08
Hitachi Energy
·
AFS677
<=9.1.08
Hitachi Energy
·
AFR677
<=9.1.08
Affected Sectors
Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more