Skip to main content
Emerging ThreatsMalware & Ransomware

FBI Issues Alert on Data Extortion Scheme Aimed at Corporate Leaders

FBI Issues Alert on Data Extortion Scheme Aimed at Corporate Leaders

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: PCU400, PCULogger
  • Vulnerabilities: Access of Resource Using Incompatible Type (‘Type Confusion’), NULL Pointer Dereference, Use After Free, Double Free, Observable Discrepancy, Out-of-bounds Read

2. RISK EVALUATION

The vulnerabilities identified in Hitachi Energy’s products could have severe implications for organizations utilizing these systems. Exploitation may allow attackers to access or decrypt sensitive data, crash device applications, or induce denial-of-service conditions. Given the critical nature of the affected products in industrial control systems, the potential for operational disruption and data compromise is significant.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi Energy has confirmed that the following products are vulnerable:

  • PCU400: Version 6.5 K and prior
  • PCU400: Version 9.4.1 and prior
  • PCULogger: Version 1.1.0 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (‘TYPE CONFUSION’) CWE-843

This vulnerability involves a type confusion issue related to X.400 address processing within an X.509 GeneralName. The misinterpretation of address types can lead to arbitrary memory access, potentially allowing attackers to read sensitive data or cause application crashes. The exploitation requires specific conditions, making it less likely but still a critical concern for applications that implement their own CRL retrieval mechanisms.

CVE-2023-0286 has been assigned to this vulnerability, with a CVSS v3 base score of 7.4.

3.2.2 NULL POINTER DEREFERENCE CWE-476

This vulnerability can be triggered when an application checks a malformed DSA public key, leading to application crashes. Attackers can exploit this by supplying untrusted public keys, potentially causing denial-of-service attacks.

CVE-2023-0217 has been assigned, with a CVSS v3 base score of 7.5.

3.2.3 NULL POINTER DEREFERENCE CWE-476

This vulnerability occurs when loading malformed PKCS7 data, resulting in application crashes. Similar to the previous vulnerability, it can be exploited through untrusted data sources.

CVE-2023-0216 has been assigned, with a CVSS v3 base score of 7.5.

3.2.4 NULL POINTER DEREFERENCE CWE-476

This vulnerability arises during signature verification on PKCS7 data, potentially leading to application crashes due to improper handling of hash algorithm implementations.

CVE-2023-0401 has been assigned, with a CVSS v3 base score of 7.5.

3.2.5 USE AFTER FREE CWE-416

This vulnerability can occur in the BIO_new_NDEF function, leading to crashes when improperly managed memory is accessed. This can be exploited through specific API calls that do not handle errors correctly.

CVE-2023-0215 has been assigned, with a CVSS v3 base score of 7.5.

3.2.6 DOUBLE FREE CWE-415

This vulnerability can lead to crashes when a PEM file with zero bytes of payload data is processed, allowing attackers to exploit the double free condition.

CVE-2022-4450 has been assigned, with a CVSS v3 base score of 7.5.

3.2.7 OBSERVABLE DISCREPANCY CWE-203

A timing-based side channel vulnerability exists in the RSA decryption implementation, which could allow attackers to recover plaintext through careful observation of processing times during decryption attempts.

CVE-2022-4304 has been assigned, with a CVSS v3 base score of 5.9.

3.2.8 OUT-OF-BOUNDS READ CWE-125

This vulnerability can lead to read buffer overruns during X.509 certificate verification, potentially resulting in application crashes or the disclosure of sensitive memory contents.

<a href="https://www.cve.org/CVERecord?id=CVE-2022-