Hitachi Energy XMC20

CVEs (1)

Remediations

• Enable the RADIUS Message-Authenticator option in both the XMC20 and RADIUS server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029001&LanguageCode=en&DocumentPartId=R18&Action=launch.
• Update to XMC20 R18 and then enable the RADIUS Message-Authenticator option in both the XMC20 and RADIUS server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029001&LanguageCode=en&DocumentPartId=R18&Action=launch.
• If the upgrade is not possible, apply general mitigation factors with segmentation of FOX management traffic to minimize the risk.
• For more information, see the associated Hitachi Energy cybersecurity advisory 8DBD000233 RADIUS MD5 Vulnerability in Hitachi Energy XMC20 product available in PDF format here https://publisher.hitachienergy.com/preview?DocumentID=8DBD000233&LanguageCode=en&DocumentPartId=&Action=launch or JSON format here https://publisher.hitachienergy.com/preview?DocumentID=8DBD000233-CSAF&LanguageCode=en&DocumentPartId=&Action=Launch.
• Hitachi Energy recommends implementing security practices and firewall configurations to help protect process control networks from external attacks. Such practices include ensuring that process control systems are physically protected from unauthorized access, have no direct Internet connections, and are separated from other networks by a firewall system that minimizes exposed ports, and any additional ports should be evaluated on a case-by-case basis. Process control systems should not be used for web browsing, instant messaging, or email. Portable computers and removable storage media should be thoroughly scanned for malware before being connected to a control system. Organizations should enforce proper password policies and procedures.

Affected Vendors

Affected Products (2)

Affected Sectors

Critical Manufacturing