Skip to main content
CybersecurityInfrastructure

Hitachi Energy PCU400: A Comprehensive Overview

Hitachi Energy PCU400: A Comprehensive Overview

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: PCU400, PCULogger
  • Vulnerabilities: Access of Resource Using Incompatible Type (‘Type Confusion’), NULL Pointer Dereference, Use After Free, Double Free, Observable Discrepancy, Out-of-bounds Read

2. RISK EVALUATION

The vulnerabilities identified in the Hitachi Energy PCU400 and PCULogger products pose significant risks. Exploitation of these vulnerabilities could enable an attacker to access or decrypt sensitive data, crash the device application, or create a denial-of-service condition. Given the critical nature of the infrastructure these devices support, the potential for operational disruption is considerable.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi Energy has confirmed that the following products are affected by the vulnerabilities:

  • PCU400: Version 6.5 K and prior
  • PCU400: Version 9.4.1 and prior
  • PCULogger: Version 1.1.0 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (‘TYPE CONFUSION’) CWE-843

This vulnerability involves a type confusion issue related to X.400 address processing within an X.509 GeneralName. The incorrect specification of the x400Address field allows attackers to manipulate memory access, potentially leading to unauthorized data access or denial-of-service conditions. The exploitation requires specific conditions, making it less likely but still a critical concern for applications that handle certificate revocation lists (CRLs).

CVE-2023-0286 has been assigned to this vulnerability, with a CVSS v3 base score of 7.4.

3.2.2 NULL POINTER DEREFERENCE CWE-476

This vulnerability can be triggered when an application checks a malformed DSA public key, leading to application crashes. It poses a risk for denial-of-service attacks, particularly when untrusted public keys are involved.

CVE-2023-0217 has been assigned to this vulnerability, with a CVSS v3 base score of 7.5.

3.2.3 NULL POINTER DEREFERENCE CWE-476

This vulnerability arises when malformed PKCS7 data is processed, leading to application crashes. Similar to the previous vulnerability, it can be exploited through untrusted data sources.

CVE-2023-0216 has been assigned to this vulnerability, with a CVSS v3 base score of 7.5.

3.2.4 NULL POINTER DEREFERENCE CWE-476

This vulnerability occurs during signature verification on PKCS7 data, potentially leading to application crashes. It is particularly relevant for applications that handle untrusted data.

CVE-2023-0401 has been assigned to this vulnerability, with a CVSS v3 base score of 7.5.

3.2.5 USE AFTER FREE CWE-416

This vulnerability can lead to crashes when the BIO_new_NDEF function is improperly handled, particularly in scenarios involving invalid public keys. It affects various OpenSSL functions and can be exploited through specific API calls.

CVE-2023-0215 has been assigned to this vulnerability, with a CVSS v3 base score of 7.5.

3.2.6 DOUBLE FREE CWE-415

This vulnerability arises from improper handling of PEM files, which can lead to double free errors and application crashes. Attackers can exploit this by supplying malicious PEM files.

CVE-2022-4450 has been assigned to this vulnerability, with a CVSS v3 base score of 7.5.

3.2.7 OBSERVABLE DISCREPANCY CWE-203

A timing-based side channel vulnerability exists in the RSA decryption implementation, which could allow attackers to recover plaintext through careful observation of response times. This vulnerability affects all RSA padding modes and requires significant effort to exploit.

CVE-2022-4304 has been assigned to this vulnerability, with a CVSS v3 base score of 5.9.

3.2.8 <a href="https://cwe.mitre.org/data/definitions