Detections
Analytics
Hitachi Energy Relion 670, 650 and SAM600-IO Improper Input Validation (CVE-2021-27196)
high Tenable OT Security Plugin ID 500566
Synopsis
The remote OT asset is affected by a vulnerability.Description
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7.Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions;
10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Hitachi Energy recommends users apply relevant updates at their earliest convenience. Users should contact Hitachi Energy to acquire firmware for a specific product version. Hitachi Energy has created the new versions to address this vulnerability:
- Relion 670 series version 1.1: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932 mitigation section or upgrade to the latest product version.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 670 series version 1.2.3: Fixed in revision 670 1.2.3.20
- Relion 670 series version 2.0: Fixed in revision 670 2.0.0.13
- Relion 670 series version 2.1: Fixed in revision 670 2.1.0.5
- Relion 670/650 series version 2.2.0: Fixed in revision 670 2.2.0.13
- Relion 670/650/SAM600-IO series version 2.2.1: Fixed in revision 670 2.2.1.6
- Relion 670 series version 2.2.2: Fixed in revision 670 2.2.2.3
- Relion 670 series version 2.2.3: Fixed in revision 670 2.2.3.2
- Relion 650 series version 1.1: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932 mitigation section or upgrade to the latest product version.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 650 series version 1.2: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932 mitigation section or upgrade to product version 1.3.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 650 series version 1.3: Fixed in revision 650 1.3.0.7
Hitachi Energy recommends the following security practices and firewall configurations to help protect a process control network from attacks originating outside the network:
- Physically protect process control systems from unauthorized direct access.
- Do not directly connect control systems networks to the internet.
- Separate process control systems from other networks using a firewall system with a minimal number of open ports.
- Do not use process control systems for internet surfing, instant messaging, or email.
- Carefully scan portable computers and removable storage media prior to connecting to a control system for malware.
- Ensure that only authorized personnel have access to the system configuration files.
More information on recommended practices can be found in the cybersecurity deployment guidelines for each product version.
For more information, see Hitachi Energy advisory 9AKK107991A8932.
See Also
http://www.nessus.org/u?e88a4149
http://www.nessus.org/u?24dbfef8
http://www.nessus.org/u?b9ecdc09
http://www.nessus.org/u?57a20c50
http://www.nessus.org/u?59f45d28
http://www.nessus.org/u?ca5d1c3f
http://www.nessus.org/u?f5c70771
https://www.cisa.gov/news-events/ics-advisories/icsa-21-096-01
Plugin Details
Severity: High
ID: 500566
Version: 1.13
Type: remote
Family: Tenable.ot
Published: 2/7/2022
Updated: 3/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2021-27196
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:hitachienergy:reb500_firmware:7, cpe:/o:hitachienergy:reb500_firmware:8, cpe:/o:hitachienergy:relion_650_firmware:1, cpe:/o:hitachienergy:relion_650_firmware:1.1, cpe:/o:hitachienergy:relion_650_firmware:1.2, cpe:/o:hitachienergy:relion_650_firmware:2, cpe:/o:hitachienergy:relion_650_firmware:2.1, cpe:/o:hitachienergy:relion_670_firmware:1, cpe:/o:hitachienergy:relion_670_firmware:1.1, cpe:/o:hitachienergy:relion_670_firmware:2, cpe:/o:hitachienergy:relion_670_firmware:2.1, cpe:/o:hitachienergy:relion_sam600-io_firmware
Required KB Items: Tenable.ot/ABB
Exploit Ease: No known exploits are available
Patch Publication Date: 6/14/2021
Vulnerability Publication Date: 6/14/2021
Reference Information
CVE: CVE-2021-27196
CWE: 20