Hitachi Energy IEC 61850 MMS-Server
- EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Hitachi Energy
Equipment: IEC 61850 MMS-Server
Vulnerability: Improper Resource Shutdown or Release
- RISK EVALUATION
Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections.
- TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Hitachi Energy equipment using the IEC 61850 communication stack are affected:
TXpert Hub CoreTec 4 version 2.0.x
TXpert Hub CoreTec 4 version 2.1.x
TXpert Hub CoreTec 4 version 2.2.x
TXpert Hub CoreTec 4 version 2.3.x
TXpert Hub CoreTec 4 version 2.4.x
TXpert Hub CoreTec 4 version 3.0.x
TXpert Hub CoreTec 5 version 3.0.x
Tego1_r15b08 (FOX615 System Release R15B)
Tego1_r2a16_03 (FOX615 System Release R14A)
Tego1_r2a16
Tego1_r1e01
Tego1_r1d02
Tego1_r1c07
Tego1_r1b02
GMS600 version 1.3
Relion 670 1.2 (Limited)
Relion 670 2.0 (Limited)
Relion 650 version 1.1 (Limited)
Relion 650 version 1.3 (Limited)
Relion 650 version 2.1 (Classic)
Relion 670 version 2.1 (Classic)
Relion SAM600-IO 2.2.1
Relion SAM600-IO 2.2.5
Relion 670/650 version 2.2.0
Relion 670/650 version 2.2.1
Relion 670/650 version 2.2.2
Relion 670/650 version 2.2.3
Relion 670/650 version 2.2.4
Relion 670/650 version 2.2.5
ITT600 SA Explorer version 1.1.0
ITT600 SA Explorer version 1.1.1
ITT600 SA Explorer version 1.1.2
ITT600 SA Explorer version 1.5.0
ITT600 SA Explorer version 1.5.1
ITT600 SA Explorer version 1.6.0
ITT600 SA Explorer version 1.6.0.1
ITT600 SA Explorer version 1.7.0
ITT600 SA Explorer version 1.7.2
ITT600 SA Explorer version 1.8.0
ITT600 SA Explorer version 2.0.1
ITT600 SA Explorer version 2.0.2
ITT600 SA Explorer version 2.0.3
ITT600 SA Explorer version 2.0.4.1
ITT600 SA Explorer version 2.0.5.0
ITT600 SA Explorer version 2.0.5.4
ITT600 SA Explorer version 2.1.0.4
ITT600 SA Explorer version 2.1.0.5
MSM version 2.2.3 and prior
PWC600 version 1.0
PWC600 version 1.1
PWC600 version 1.2
REB500 all V8.x versions
REB500 all V7.x versions
RTU500 series CMU Firmware version 12.0.1 to 12.0.14
RTU500 series CMU Firmware version 12.2.1 to 12.2.11
RTU500 series CMU Firmware version 12.4.1 to 12.4.11
RTU500 series CMU Firmware version 12.6.1 to 12.6.8
RTU500 series CMU Firmware version 12.7.1 to 12.7.4
RTU500 series CMU Firmware version 13.2.1 to 13.2.5
RTU500 series CMU Firmware version 13.3.1 to 13.3.3
RTU500 series CMU Firmware version 13.4.1
SYS600 version 10.1 to 10.3.1
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404
CVE-2022-3353 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER
Hitachi Energy reported this vulnerability to CISA.
- MITIGATIONS
Hitachi Energy provided updates for the following products. Contact Hitachi Energy for update information.
MSM Server: update to version 2.2.5
tego1_r15b08 (FOX615 System Release R15B): update to tego1_r16a11 (FOX615 System Release R16A)
REB500 all V8.x versions: update to REB500 firmware to version 8.3.3.0 when released.
RTU500 series CMU Firmware version 12.0.1 to 12.0.14: Update to CMU Firmware version 12.0.15
RTU500 series CMU Firmware version 12.2.1 to 12.2.11: Update to CMU Firmware version 12.2.12
RTU500 series CMU Firmware version 12.4.1 to 12.4.11: Update to CMU Firmware version 12.4.12
RTU500 series CMU Firmware version 12.6.1 to 12.6.8: Update to CMU Firmware version 12.6.9
RTU500 series CMU Firmware version 12.7.1 to 12.7.4: Update to CMU Firmware version 12.7.5
RTU500 series CMU Firmware version 13.2.1 to 13.2.5: Update to CMU Firmware version 13.2.6
RTU500 series CMU Firmware version 13.3.1 to 13.3.3: Update to CMU Firmware version 13.3.4
RTU500 series CMU Firmware version 13.4.1: Update to CMU Firmware version 13.4.2
SYS600 version 10.1 to 10.3.1: update to SYS600 version 10.4.1
For all versions, Hitachi Energy recommends that users apply these general mitigation factors:
Upgrade the system once a remediated version is available.
Apply Hitachi Energy recommended security practices and firewall configurations to help protect a process control network from attacks that originate from outside the network. Such practices include:
Physically protecting process control systems from direct access by unauthorized personnel.
Not allowing direct connections to the internet.
Process control systems should not be used for internet surfing, instant messaging, or receiving emails.
Use a firewall system that has a minimal number of exposed ports to separate the process control network from other networks.
Connection to other networks must be evaluated as necessary.
Scan portable computers and removable storage media carefully for viruses before connection to a control system.
MSM is not designed nor intended to be connected to the internet. Disconnect the device from any internet facing network.
Adopt user access management and updated antivirus protection engines equipped with the latest signature rules for computers that have installed and are operating the MMS Client application. Use the default operating system (OS) user access management function to limit unauthorized access and/or rogue commands via the MMS Client application.
For more information, see the Hitachi Energy advisories for the corresponding affected products:
8DBD000124 TXpert Hub CoreTec 4 and 5 Products
8DBD000132 RTU500 series
8DBD000127 Relion 670, 650 series, and SAM600-IO
8DBD000131 REB500 series
8DBD000130 PWC600
8DBD000129 MSM
8DBD000133 MicroSCADA X SYS600
8DBD000128 ITT600 SA Explorer
8DBD000126 GMS600
8DBD000125 FOX61x TEGO1
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability. This vulnerability has a high attack complexity.
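An added example, not part of the advisory and not Hitachi Energy tooling: a Python check that compares RTU500 series CMU firmware versions from an asset inventory against the affected ranges and update targets listed in this advisory. The asset names and inventory values are constructed; a version outside the listed ranges is reported only as not listed here, and versions are compared numerically so that 12.0.9 sorts below 12.0.14.

```python
import re

# (first affected, last affected, update target) for RTU500 series CMU
# firmware, copied from this advisory's affected-products and mitigation lists.
RTU500_CMU = [
    ("12.0.1", "12.0.14", "12.0.15"),
    ("12.2.1", "12.2.11", "12.2.12"),
    ("12.4.1", "12.4.11", "12.4.12"),
    ("12.6.1", "12.6.8", "12.6.9"),
    ("12.7.1", "12.7.4", "12.7.5"),
    ("13.2.1", "13.2.5", "13.2.6"),
    ("13.3.1", "13.3.3", "13.3.4"),
    ("13.4.1", "13.4.1", "13.4.2"),
]

def parse(version):
    """Turn '12.0.14' into (12, 0, 14); reject anything that is not x.y.z."""
    text = version.strip()
    if not re.fullmatch(r"\d+\.\d+\.\d+", text):
        raise ValueError(f"unrecognised CMU firmware version: {version!r}")
    return tuple(int(part) for part in text.split("."))

def check_cmu(version):
    """Return (listed_as_affected, update_target_or_None) for one version."""
    v = parse(version)
    for first, last, fixed in RTU500_CMU:
        if parse(first) <= v <= parse(last):
            return True, fixed
    return False, None  # not in a range listed by this advisory

def audit(inventory):
    """Map asset -> update target for affected assets. Versions that cannot
    be parsed are flagged 'CHECK MANUALLY' instead of being silently skipped."""
    findings = {}
    for asset, version in inventory.items():
        try:
            affected, fixed = check_cmu(version)
        except ValueError:
            findings[asset] = "CHECK MANUALLY"
            continue
        if affected:
            findings[asset] = fixed
    return findings

# Constructed inventory: hypothetical asset names and versions.
SAMPLE = {"rtu-sub-a": "12.0.14", "rtu-sub-b": "12.0.15",
          "rtu-sub-c": "13.4.1", "rtu-sub-d": "12.7.x", "rtu-sub-e": "12.10.2"}

if __name__ == "__main__":
    for asset, target in audit(SAMPLE).items():
        print(f"{asset}: {target}")
```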