Risk Summary
Successful exploitation of these vulnerabilities could allow command injections and privilege escalation.
CVEs (3)
Remediations
- Hitachi Energy recommends users update to version 8.9.7.0 at the earliest convenience. While reviewing the immediate recommended actions, assess the risk exposure of affected products within the operational environment and update or upgrade if necessary.
- For more information, see the associated Hitachi Energy cybersecurity advisory 8DBD000214 Multiple Vulnerabilities in Hitachi Energy TropOS 4th Gen Products: PDF Version, CSAF Version.
- Hitachi Energy recommends security practices and firewall configurations to help protect a process control network from attacks that originate from outside the network. Such practices include ensuring that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for browsing the Internet, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
Affected Vendors
Hitachi Energy
Affected Products (2)
Hitachi Energy
·
TropOS 4th Gen Firmware
<=8.9.6.0
Hitachi Energy
·
TropOS 4th Gen Firmware
<8.9.6.0
Affected Sectors
Critical Manufacturing, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more