← Back to home
ICSA-24-354-01  ·  Published 2024-12-19  ·  View on CISA ICS-CERT ↗

Hitachi Energy RTU500 series CMU

CVSS 5.9 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

CVEs (1)

Remediations

  • Hitachi Energy recommends that users update to the respective series CMU firmware version as below.
  • Hitachi Energy RTU500 series CMU Firmware 12.0.15
  • Hitachi Energy RTU500 series CMU Firmware 12.2.12
  • Hitachi Energy RTU500 series CMU Firmware 12.4.12
  • Hitachi Energy RTU500 series CMU Firmware 12.6.10
  • Hitachi Energy RTU500 series CMU Firmware 12.7.7
  • Hitachi Energy RTU500 series CMU Firmware 13.2.7
  • Hitachi Energy RTU500 series CMU Firmware 13.4.4
  • Hitachi Energy RTU500 series CMU Firmware 13.5.2
  • Hitachi Energy recommends that customers follow the "Remote Terminal Units Security Deployment Guideline", as well as to apply mitigation as described below.
  • Hitachi Energy recommends users use recommended security practices and firewall configurations to help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
  • For more information, see Hitachi Energy Cybersecurity Advisory "DoS Vulnerability in Hitachi Energy's RTU500 series products"
  • For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.

Affected Vendors

Hitachi Energy

Affected Products (8)

Hitachi Energy · RTU500 series CMU Firmware >=12.0.1|<=12.0.14
Hitachi Energy · RTU500 series CMU Firmware >=12.2.1|<=12.2.11
Hitachi Energy · RTU500 series CMU Firmware >=12.4.1|<=12.4.11
Hitachi Energy · RTU500 series CMU Firmware >=12.6.1|<=12.6.9
Hitachi Energy · RTU500 series CMU Firmware >=12.7.1|<=12.7.6
Hitachi Energy · RTU500 series CMU Firmware >=13.2.1|<=13.2.6
Hitachi Energy · RTU500 series CMU Firmware >=13.4.1|<=13.4.3
Hitachi Energy · RTU500 series CMU Firmware 13.5.1

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more