The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published six advisories to inform organizations about the availability of security patches and notifications for vulnerabilities impacting Hitachi Energy products.
CISA’s advisories are related to RTU500 series bidirectional communication interface, Relion protection and control IEDs, Retail Operations and Counterparty Settlement and Billing (CSB) software, the Asset Performance Management (APM) Edge software for transformers, and the PCM600 update manager.
The advisories address tens of vulnerabilities, most of them are related to third-party libraries used by the products such as OpenSSL, LibSSL, libxml2, and GRUB2.
The security flaws can allow threat actors to trigger a DoS condition, execute arbitrary code, eavesdrop on traffic, access or modify data, install untrusted software packages. Some of the flaws are remotely exploitable.
The full list of the advisories published by the company is available on the website of the company.
The good news is that Hitachi Energy is not aware of any malicious exploitation of these vulnerabilities in the wild.
(SecurityAffairs – hacking, IKEA)