ICS Vulnerability Report: Hitachi Energy Network Management Flaw Scores a Perfect 10


Cyble Inc | ics-vulnerability

Overview 

Critical vulnerabilities in Hitachi Energy UNEM Network Management Systems were among the highlights in Cyble’s weekly Industrial Control System (ICS) Vulnerability Intelligence Report, which also examined flaws in products from Delta Electronics, Schneider Electric and other ICS vendors. 

Cyble Research & Intelligence Labs (CRIL) examined 16 vulnerabilities in the report for clients – half of which affect Hitachi Energy FOXMAN-UN products – based on ICS alerts by the Cybersecurity and Infrastructure Security Agency (CISA) between January 8-14. 

Of the 16 vulnerabilities, two are critical, nine are high severity, and five are medium severity. They span Communication, Critical Manufacturing, Chemical, Energy, Wastewater Systems and Commercial Facilities, and could lead to operational disruption, data compromise, and unauthorized access or exploitation of key functionality in power supply systems, which are foundational to numerous industries. 

Hitachi Energy Vulnerabilities 

The Hitachi Energy vulnerabilities include improper authentication, buffer overflow, excessive authentication attempts, hard-coded passwords, and cleartext storage of sensitive information, underscoring the systems’ complexity and potential attack surfaces. 

CVE-2024-2013, a 10.0-severity authentication bypass vulnerability in FOXMAN-UN, UNEM servers and API Gateways, could allow attackers without credentials to access the services and the post-authentication attack surface. 

CVE-2024-2012, a 9.8-severity authentication bypass vulnerability in the network management products, could allow attackers to execute commands or code on UNEM servers, potentially allowing sensitive data to be accessed or changed. 

The vulnerabilities were first reported in June 2024, but were the subject of a CISA advisory this week that cited the vulnerabilities’ low complexity and ability to be exploited remotely. CISA also cited six additional Hitachi Energy vulnerabilities, with CVSS v3 scores ranging from 4.1 to 8.6. 

While some of the affected products can be patched with updates, Hitachi Energy notes that UNEM R16A and UNEM R15A are end of life (EOL) and recommends that users upgrade to UNEM R16B PC4 or R15B PC5 in addition to applying recommended mitigations. 

Schneider Electric and Delta Electronics Vulnerabilities 

Schneider Electric’s vulnerabilities, primarily in HMI and control system software, highlight the challenges in securing operational technology (OT) interfaces.  

CVE-2024-11999 is an 8.7-rated Use of Unmaintained Third-Party Components vulnerability in Harmony HMI and Pro-face HMI automation components that could allow complete control of the device if an authenticated user installs malicious code into the HMI product. 

CVE-2024-10511 is an Improper Authentication vulnerability in PowerChute Serial Shutdown UPS management software. 

CVE-2024-8306 is an Improper Privilege Management vulnerability in Vijeo Designer HMI Configuration Software that could allow unauthorized access when non-admin authenticated users try to perform privilege escalation by tampering with the binaries. 

CVE-2024-8401 is a Cross-site Scripting (XSS) vulnerability in EcoStruxure power monitoring and operation products.

The three Delta Electronics vulnerabilities are all high-severity Remote Code Execution flaws tied to its DRASimuCAD design software: CVE-2024-12834, CVE-2024-12835 and CVE-2024-12836.

Recommendations for Mitigating ICS Vulnerabilities  

Cyble recommended a number of controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. The measures include: 

  1. Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA. A risk-based approach to vulnerability management is recommended, with the goal of reducing the risk of exploitation.

  2. Implementing a Zero-Trust Policy to minimize exposure and ensuring that all internal and external network traffic is scrutinized and validated.

  3. Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency.

  4. Implementing proper network segmentation, which can limit the potential damage caused by an attacker and prevent lateral movement across networks. This is particularly important for securing critical ICS assets.

  5. Conducting regular vulnerability assessments and penetration testing to identify gaps in security that might be exploited by threat actors.

  6. Establishing and maintaining an incident response plan, and ensuring that the plan is tested and updated regularly to adapt to the latest threats.

  7. Making ongoing cybersecurity training programs mandatory for all employees, especially those working with Operational Technology (OT) systems. Training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations.

Conclusion 

Industrial Control Systems (ICS) vulnerabilities can threaten critical infrastructure environments, with the potential to disrupt operations, compromise sensitive data, and cause physical damage. Staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls can limit risk. 

By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape.

The post ICS Vulnerability Report: Hitachi Energy Network Management Flaw Scores a Perfect 10 appeared first on Cyble.
