Security

CISA warns of vulnerabilities in Hitachi Energy products

cisa Known Exploited Vulnerabilities RESURGEcisa Known Exploited Vulnerabilities RESURGE

CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published six advisories to inform organizations about the availability of security patches and notifications for vulnerabilities impacting Hitachi Energy products.

CISA’s advisories are related to RTU500 series bidirectional communication interface, Relion protection and control IEDs, Retail Operations and Counterparty Settlement and Billing (CSB) software, the Asset Performance Management (APM) Edge software for transformers, and the PCM600 update manager.

The advisories address tens of vulnerabilities, most of them are related to third-party libraries used by the products such as OpenSSL, LibSSL, libxml2, and GRUB2.

The security flaws can allow threat actors to trigger a DoS condition, execute arbitrary code, eavesdrop on traffic, access or modify data, install untrusted software packages. Some of the flaws are remotely exploitable.

The full list of the advisories published by the company is available on the website of the company.

The good news is that Hitachi Energy is not aware of any malicious exploitation of these vulnerabilities in the wild.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IKEA)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: CISADOShacking newsHitachi Energyinformation security newsIT Information SecurityPierluigi PaganiniRCESecurity AffairsSecurity News
4 years ago

Recent Posts

China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns

China-linked threat actor targeted over 70 global organizations, including governments and media, in cyber-espionage attacks…

2 hours ago

DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

US seeks to seize $7.74M in crypto linked to North Korean fake IT worker schemes,…

15 hours ago

OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops

OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware,…

22 hours ago

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a…

1 day ago

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for…

1 day ago

Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages

A supply chain attack hit NPM, threat actors compromised 16 popular Gluestack packages, affecting 950K+…

2 days ago