Hitachi Energy Vulnerabilities Plague SCADA Power Systems

The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.

Hitachi Energy is urging customers of its MicroSCADA X SYS600 product for monitoring and controlling utility power systems to immediately upgrade to a newly released version to mitigate multiple critical and high-severity vulnerabilities.
In a security advisory this week, the company described the vulnerabilities as enabling attacks that could have serious confidentiality, integrity, and availability impacts on affected products.
Hiatchis MicroSCADA X SYS600 is a system that it acquired from its purchase of ABBs Power Grids business. Hitachi Electric says the technology is
currently deployed across more than 10,000 substations,
and is being used to manage and monitor power across power grids, process industries, data centers, seaports, hospitals, railways, and at least 30 airports.
Risk from compromise could be significant: power companies use MicroSCADA to enable
real-time monitoring and control
of primary and secondary equipment in transmission and distribution substations, according to the company. Hitachi lists the products main features as including disturbance analysis, power quality monitoring, and both manual and automatic control.
Four of the five vulnerabilities that
Hitachi disclosed
impact MicroSCADA X SYS600 versions 10.5 and below. The other is present in MicroSCADA X SYS600 versions 10.2 to 10.5. Hitachi wants customers using affected versions to update to the new version 10.6 right away.
These vulnerabilities were detected and reported internally in Hitachi Energy, the advisory noted, adding some good news: Hitachi Energy is not aware of these vulnerabilities being exploited in the wild at the time of this advisory publication, on Aug. 27.
However, that could change. Products such as these can be attractive targets for attackers seeking to disrupt or degrade power supplies. Many recent examples involve Russian actors targeting power systems in Ukraine in attacks that have caused major blackouts and
disruption
across wide areas, including via Hitachi gear.
In one incident, Russias Sandworm group is thought to have used a
compromised MicroSCADA server
to send commands to a substations remote terminal units and trigger a power outage in Ukraine just prior to a Russian missile barrage. In a Dark Reading column last year, a Hitachi Energy executive himself identified
digital substations as being of particular interest
to cyberattackers because of the potential damage they could cause via a coordinated attack.
Hitachi is tracking the five new vulnerabilities in MicroSCADA X SYS600 as
CVE-2024-4872
;
CVE-2024-3980
;
CVE-2024-3982
;
CVE-2024-7940
; and
CVE-2024-7941
.
Four of the vulnerabilities have severity ratings of 8.2 or higher on the 10-point CVSS scale.
Of these, CVE-2024-4872 and CVE-2024-3980 appeared to be the most critical, with a near-maximum vulnerability score of 9.9 out of 10.0. Hitachi identified CVE-2024-4872 as enabling SQL injection attacks resulting from the products failure to properly validate user queries. The company described CVE-2024-3980 as an argument injection vulnerability that attackers could leverage to access or modify system files and other critical application files on affected systems.
CVE-2024-3982 (CVSS score 8.2) meanwhile is an authentication bypass vulnerability that enables session hijacking. However, to pull it off an attacker would need to have local access to a machine where a vulnerable instance of MicroSCADA X SYS600 is installed, and enable session logging, Hitachi said.
By default, the session logging level is not enabled and only users with administrator rights can enable it, the company noted.
CVE-2024-7940 (CVSS score 8.3) has to do with missing authentication for a critical function that exposes what should be a local service to all network services without any authentication.
And lastly, CVE-2024-7941, a vulnerability that offers a way to redirect users to a malicious site or attacker-controlled URL, is a relatively low-severity threat with a CVSS score of 4.3.
By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials, Hitachi explained.

Last News
▸ SMBs can enhance security via Cloud in 4 ways. ◂ Discovered: 26/12/2024 Category: security	▸ Google and Facebook reassure U.K.: No snooping. ◂ Discovered: 26/12/2024 Category: security	▸ New startup offers human verification process. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Hitachi Energy Vulnerabilities Plague SCADA Power Systems