Hitachi Energy MACH GWS

SUMMARY Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions...

Hitachi Energy TRMTracker

SUMMARY Hitachi Energy is aware of the multiple vulnerabilities that affect the TRMTracker product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality and integrity impacts. Please refer to the Recommended Immediate Actions for...

Hitachi Energy PCU400

SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3 or PCULogger tool. These vulnerabilities if exploited, can cause confidentiality...

Hitachi Energy Service Suite

SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to open-source Apache Tomcat components that affect the Service Suite product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability...

Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak

Executive summary Rapid7 is investigating two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy disclosed earlier this week. Successful exploitation could allow remote attackers to gain...

Hitachi Energy MicroSCADA Pro/X SYS600 (Update A)

SUMMARY Hitachi Energy is aware of the multiple vulnerabilities that affect the MicroSCADA Pro/X SYS600 product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the...

Hitachi Energy XMC20

SUMMARY Hitachi Energy is aware of a vulnerability that affects the XMC20 versions listed below. Please refer to the “Recommended Immediate Actions” for information about the remediation. 2. GENERAL MITIGATION FACTORS/WORKAROUNDS Recommended security practices and firewall configurations can...

Hitachi Energy FOX61x Products

SUMMARY Hitachi Energy is aware of a vulnerability that affects the XMC20 versions listed below. Please refer to the “Recommended Immediate Actions” for information about the remediation. 2. GENERAL MITIGATION FACTORS/WORKAROUNDS Recommended security practices and firewall configurations can...

Hitachi Energy UNEM

SUMMARY Hitachi Energy is aware of multiple internal reported vulnerabilities that affects the UNEM versions listed below. Please refer to the “Recommended Immediate Actions” for information about the remediation. 2. GENERAL MITIGATION FACTORS/WORKAROUNDS Recommended security practices and...

Hitachi Energy SDM600

SUMMARY Hitachi Energy is aware of multiple vulnerabilities that affect the SDM600 versions listed below. An attacker who managed to be authenticated to SDM600 and successfully exploit these vulnerabilities could elevate privileges and gain unauthorized access to the system. SDM600 version 1.3.4...

Hitachi Energy RTU500 Series Product (Update B)

SUMMARY Hitachi Energy is aware of the vulnerability CVE-2024-2617 in the RTU500 Web server component, that affects the RTU500 versions that are listed below. An attacker successfully exploiting this vulnerability could bypass secure update. Please refer to the Recommended Immediate Actions for...

Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)

SUMMARY Hitachi Energy is aware of the vulnerability CVE-2023-4518 that affects the Relion 670/650/SAM600-IO series that are listed below. An attacker successfully exploiting this vulnerability could cause operational disruptions of the devices. For immediate mitigation/workaround information,...

Hitachi Energy MACH System Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : MACH System Software Vulnerabilities : Path Traversal, Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Hitachi Energy MicroSCADA Pro X SYS600

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerability: NULL Pointer Dereference, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the affected...

Hitachi Energy AFS660/AFS665

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS660/AFS665 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overflow an internal buffer...

Hitachi Energy PROMOD IV

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable Remotely Vendor: Hitachi Energy Equipment: PROMOD IV Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to delete arbitrary files once the system is compromised...

Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...

Hitachi Energy TXpert Hub CoreTec 4

1. EXECUTIVE SUMMARY CVSS v3 6.0 Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Input Validation, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...

Hitachi Energy MSM Product

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MSM Product Vulnerability: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of this vulnerability could disrupt the functionality of the MSM web...

A CISO's Ultimate Security Validation Checklist

If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – t...