Organisations and companies using Hitachi Energy products are warned about critical and high-severity vulnerabilities that have recently been discovered. The advisories were published by the US Cybersecurity and Infrastructure Security Agency (CISA) to inform the affected firms about potential threats.
Three separate advisories were released concerning the identified security flaws, with one associated with Hitachi Energy UNEM (ICSA-23-005-01), one with Hitachi Energy Foxman-UN (ICSA-23-005-02), and one with Hitachi Energy Lumada Asset Performance Management (ICSA-23-005-03).
These high-severity vulnerabilities pose risks to companies that use Hitachi Energy products in daily operations.
The three released advisories are directed toward Hitachi Energy customers that could be exposed to cybersecurity threats.
CISA has detailed all information that customers must be aware of regarding the risks posed by the identified critical vulnerabilities on products offered by the energy solutions company.
The first one, UNEM, is a component of the firm’s network management system or NMS. The security flaws linked to this product could allow a malicious actor to obtain sensitive data and illegally access UNEM’s managed network elements. Hackers could also commit malicious modifications to an affected system.
In remediating this flaw, CISA advised customers to upgrade their systems to the latest version of UNEM.
The second advisory was for FOXMAN-UN, wherein customers were informed about the same risks posed against UNEM, as FOXMAN-UN is a product and component under the NMS suite. Thus, malicious actors could also exploit flaws in this product to gain unauthorised access, steal data, and make malicious modifications.
CISA also recommended that customers upgrade their systems to the latest FOXMAN-UN version released by the energy solutions firm.
Lastly, CISA’s advisory on Lumada Asset Performance Management (APM) talks about how threat actors could execute distributed denial-of-service (DDoS) attacks on targeted machines or perform an unauthorised remote arbitrary execution.
For this advisory, users are also highly advised to upgrade their systems to the latest FOXMAN-UN version.
In conclusion, CISA’s released advisories are intended for users and the company to be aware of the threats that could affect them should malicious actors abuse the discovered security flaws. Users must immediately activate defensive measures in their machines and upgrade their Hitachi Energy products to the latest patches.
On the other hand, the energy solutions company is directed to perform proper impact analysis and risk assessment before they deploy appropriate defensive measures. CISA also shared additional recommendations, such as following cyber defence best practices, establishing company internal procedures, and reporting findings to CISA.
