Skip to main content
Emerging Threats

Hitachi Energy: UNEM and ECST Innovations

Hitachi Energy: UNEM and ECST Innovations

1. EXECUTIVE SUMMARY

  • CVSS v4 6.8
  • ATTENTION: Low Attack Complexity
  • Vendor: Hitachi Energy
  • Equipment: XMC20, ECST, UNEM
  • Vulnerability: Improper Validation of Certificate with Host Mismatch

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. This poses significant risks to the integrity and confidentiality of communications, particularly in critical infrastructure sectors where data accuracy is paramount.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi Energy has identified the following products as affected by the vulnerability:

  • XMC20: Versions prior to R16B
  • ECST: Versions prior to 16.2.1
  • UNEM: Versions prior to R15A
  • UNEM: R15A
  • UNEM: R15B PC4 and prior
  • UNEM: R16A
  • UNEM: R16B PC2 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER VALIDATION OF CERTIFICATE WITH HOST MISMATCH CWE-297

The vulnerability affects the ECST client application, which, if exploited, could enable attackers to intercept or falsify data exchanges between the client and the server. This vulnerability has been assigned the identifier CVE-2024-2462. A CVSS v3 base score of 4.9 has been calculated, with a CVSS vector string of (CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). Additionally, a CVSS v4 score of 6.8 has been calculated, with a vector string of (CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

The vulnerability was reported to Hitachi Energy by researchers Darius Pavelescu and Bernhard Rader from Limes Security.

4. MITIGATIONS

Hitachi Energy has outlined specific workarounds and mitigations that users can implement to reduce risk:

  • UNEM R16B PC2 and earlier: Update to UNEM R16B PC3 or later and apply general mitigation factors.
  • UNEM R15B PC4 or prior: Update to UNEM R15B PC5 and apply general mitigation factors. (Update planned)
  • UNEM R16A, UNEM R15A: EOL versions – no fix will be available. Apply general mitigation factors. Users with a UNEM R16A installation are entitled to an update to UNEM R16B, as R16B is not in an inactive lifecycle state.
  • XMC20 less than R16B: Update to XMC20 R16B.
  • ECST less than 16.2.1: Update to ECST 16.2.1.

The following product versions have been fixed:

  • UNEM R16B PC3 or later: Fixed version.
  • UNEM R15B PC5: Fixed version.
  • XMC20 R16B: Fixed version.
  • ECST 16.2.1: Fixed version.

For further details, refer to the associated security advisory 8DBD000203 – SSH Host Key Verification Vulnerability in Hitachi Energy’s UNEM/ECST Product.

Hitachi Energy recommends that users implement recommended security practices and firewall configurations to protect the process control network from external attacks. It is crucial that process control systems are physically secured from unauthorized access, have no direct Internet connections, and are separated from other networks by firewalls with minimal exposed ports. Additionally, these systems should not be used for activities such as Internet browsing, instant messaging, or email. Portable computers and removable storage media should be scanned for viruses before connecting to control systems.

CISA advises users to take defensive measures to minimize the risk of exploitation of this vulnerability and emphasizes the importance of conducting proper impact analysis and risk assessment before deploying any defensive measures. CISA also provides a section for control systems security recommended practices on their ICS webpage at cisa.gov. Various CISA products detailing cyber defense best practices are available for review and download, including <a href="https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in