ABB Low Voltage DC Drives and Power Controllers with CODESYS RTS Integration

ABB Low Voltage DC Drives and Power Controllers with CODESYS RTS Integration: A Comprehensive Analysis

1. EXECUTIVE SUMMARY

The recent identification of vulnerabilities in Hitachi Energy’s TRMTracker software has raised significant concerns regarding the security of low voltage DC drives and power controllers integrated with CODESYS RTS. With a CVSS v4 score of 6.9, these vulnerabilities are classified as remotely exploitable with low attack complexity, making them particularly concerning for organizations relying on this technology. The vulnerabilities include LDAP injection, host header injection, and cross-site scripting (XSS), which could allow attackers to execute remote commands, poison web caches, and compromise sensitive information. This report will analyze the implications of these vulnerabilities across various domains, including security, economic impact, and mitigation strategies.

2. RISK EVALUATION

The successful exploitation of the identified vulnerabilities could have serious repercussions for organizations utilizing TRMTracker. Attackers could execute limited remote commands, potentially leading to unauthorized access to sensitive data or system manipulation. The ability to poison web caches could disrupt service availability and integrity, while XSS vulnerabilities could compromise user data and system integrity. Given the critical infrastructure sectors affected, particularly energy, the stakes are high, necessitating immediate attention and action from stakeholders.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The vulnerabilities affect the following versions of TRMTracker:

• TRMTracker Versions 6.2.04 and prior: These versions are particularly vulnerable and require immediate updates.
• TRMTracker Versions 6.3.0 and 6.3.01: These versions also contain vulnerabilities that need addressing.

3.2 VULNERABILITY OVERVIEW

3.2.1 LDAP Injection (CWE-90)

The TRMTracker web application is susceptible to LDAP injection attacks, which could allow an attacker to manipulate LDAP queries. This vulnerability, identified as CVE-2025-27631, has a CVSS v3.1 base score of 6.5 and a CVSS v4 score of 6.9. The implications of this vulnerability are significant, as it could enable unauthorized data access and modification.

3.2.2 Host Header Injection (CWE-74)

This vulnerability allows attackers to modify the host header in HTTP requests, potentially leading to web-cache poisoning and site content defacement. Assigned CVE-2025-27632, this vulnerability has a CVSS v3.1 base score of 6.1 and a CVSS v4 score of 5.3. The ability to manipulate site content poses a risk to the integrity and availability of services.

3.2.3 Cross-Site Scripting (CWE-79)

The TRMTracker application is also vulnerable to reflected cross-site scripting attacks, which could allow attackers to inject client-side code. This vulnerability, identified as CVE-2025-27633, has a CVSS v3.1 base score of 6.1 and a CVSS v4 score of 5.3. The potential for data compromise through XSS attacks is a critical concern for organizations.

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Energy
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

The vulnerabilities were reported by Eskom Holdings SOC Ltd, South Africa, highlighting the importance of collaboration in identifying and addressing security issues in critical infrastructure.

4. MITIGATIONS

Hitachi Energy has recommended the following updates to mitigate the identified vulnerabilities:

• For TRMTracker Versions 6.2.04 and below: Update to v6.2.04.014 or v6.3.02.
• For TRMTracker Versions 6.3.0 and 6.3.01: Update to v6.3.02.
• General Mitigation Factors: Implement recommended security practices and firewall configurations to protect process control networks.

Organizations are advised to follow best practices for cybersecurity, including physical protection of process control systems, avoiding direct Internet connections, and ensuring proper password policies. CISA has also provided guidance on defensive measures and recommended practices for industrial control systems, emphasizing the importance of proactive defense strategies.

5. UPDATE HISTORY

• April 3, 2025: Initial republication of Hitachi Energy 8DBD000210.

6. STRATEGIC INSIGHT

The vulnerabilities identified in Hitachi Energy’s TRMTracker software underscore the critical need for robust cybersecurity measures in the energy sector. As the reliance on digital technologies increases, so does the potential attack surface for malicious actors. Organizations must prioritize cybersecurity investments, not only to protect their assets but also to ensure the integrity and reliability of essential services.

Furthermore, the collaboration between organizations like Eskom Holdings and Hitachi Energy highlights the importance of information sharing in the cybersecurity landscape. By working together, organizations can better identify vulnerabilities and develop effective mitigation strategies.

In conclusion, the vulnerabilities in TRMTracker serve as a reminder of the ongoing challenges faced by critical infrastructure sectors in safeguarding against cyber threats. Organizations must remain vigilant, continuously assess their security posture, and adapt to the evolving threat landscape to protect their operations and maintain public trust.