The US Cybersecurity and Infrastructure Security Agency (CISA) published advisories last week to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities.
Cybersecurity Advisory – Incomplete Access Control Vulnerability in User Asset Group Feature of Hitachi Energy’s Lumada APM Product [CVE-2022-2155]
Cybersecurity Advisory – OpenSSL and Zlib Related Vulnerabilities in Hitachi Energy’s Lumada Asset Performance Management (APM) Product [CVE-2022-3602, CVE-2022-3786, CVE-2022-37434]
Cybersecurity Advisory – Multiple Vulnerabilities in Hitachi Energy FOXMAN-UN Product [CVE-2021-40341, CVE-2021-40342, CVE-2022-3927, CVE-2022-3928, CVE-2022-3929 ]
Cybersecurity Advisory – Multiple Vulnerabilities in Hitachi Energy’s UNEM Product [ CVE-2021-40341, CVE-2021-40342, CVE-2022-3927, CVE-2022-3928, CVE-2022-3929 ]
Cybersecurity Advisory – OpenSSL v3.x Related Vulnerabilities in Hitachi Energy’s Network Manager Process Communication Unit PCU400 Product [ CVE-2022-3602, CVE-2022-3786 ]
CISA has published various advisories describing flaws in Hitachi Energy’s products varying from UNEM, a component of their Network Management system (NMS), Foxman-UN, another product in the NMS suite to OpenSSL and Zlib components.
The exploits relate to the encryption of user credentials and how they can be exploited to obtain sensitive information and modify the systems through Network access. The OpenSSL vulnerability can be exploited to cause DoS (Denial-of-Service) attacks and has been classified as ‘High Severity’, while the Zlib is a ‘Critical’ classification and can allow for arbitrary code execution.
- The UNEM vulnerability stems from the use of DES Encryption, which is no longer deemed secure due to its short 56-bit key, this could allow the cypher to be decrypted in a very short time. Default key encryption with DES could also be exploited to obtain sensitive information. Hard-coded credentials in the message queue are also vulnerable to exploitation.
- The same issues for UNEM also exist in the FOXMAN-UN products.
The OpenSSL and Zlib vulnerabilities affect versions of the Lumada APM. OpenSSL’s buffer overflow vulnerabilities can trigger an X.509 certificate verification that can be used to force APM to connect to malicious servers. The Zlib library contains an out-of-bounds write vulnerability and exploitation can cause DoS or execution of arbitrary code.
Splice shields vulnerable OT equipment such as this inside an encrypted overlay network, reducing the cyber attack surface.