Hitachi Energy GMS600, PWC600, and Relion Improper Access Control (CVE-2021-35534)

high Tenable OT Security Plugin ID 500928

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An insufficient security control vulnerability exists in the internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, and PWC600. The product does not sufficiently restrict access to internal database tables, which could allow anybody with user credentials to bypass security controls that are enforced by the product. Consequently, exploitation may lead to unauthorized modifications of data/firmware, and/or to permanently disabling the product.

This issue affects:

- Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5.
- Hitachi Energy Relion 670/650 Series 2.1 all revisions; 2.2.0 all revisions; 2.2.4 all revisions.
- Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2.
- Hitachi Energy Relion 650 1.0 all revisions; 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8.
- Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0.
- Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Hitachi Energy recommends upgrading to the latest version of their software when it becomes available:

- Relion 670 series Version 2.2.3: Update to Version 2.2.3.5
- Relion 670/650/SAM600-IO series Version 2.2.5: Update to Version 2.2.5.2
- Relion 650 series Version 1.3: Update to Version 1.3.0.8
- Relion 650 series Version 1.2: Update to Version 1.3

- Relion 670 series Version 2.2.3 to 2.2.3.4: Update to Version 2.2.3.5
- Relion 670/650/SAM600-IO series Version 2.2.5 to revision 2.2.5.1: Update to Version 2.2.5.2
- Relion 670/650 series Version 2.1, all revisions: Update to Version 2.1.0.5

For other affected versions, please follow mitigation factors in Hitachi Energy’s advisories. Hitachi Energy recommends the following security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network:

- Physically protect process control systems from direct access by unauthorized personnel.
- Do not directly connect to the Internet.
- Separate from other networks by means of a firewall system that has a minimal number of ports exposed.
- Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.
- Limit open database connectivity (ODBC) protocol for device configuration within the substation only.
- Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, visit Hitachi Energy contact-centers.

Please see the Hitachi Energy PWC600, GMS600, and Relion advisories for additional mitigation and update information.

See Also

http://www.nessus.org/u?0394acf5

http://www.nessus.org/u?02e84ace

http://www.nessus.org/u?3d892aa9

https://www.cisa.gov/news-events/ics-advisories/icsa-21-343-01

Plugin Details

Severity: High

ID: 500928

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 3/29/2023

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-35534

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:hitachienergy:relion_650_firmware:1.0.0, cpe:/o:hitachienergy:relion_650_firmware:1.1.0, cpe:/o:hitachienergy:relion_650_firmware:1.2.0, cpe:/o:hitachienergy:relion_650_firmware:1.3.0, cpe:/o:hitachienergy:relion_650_firmware:2.1.0, cpe:/o:hitachienergy:relion_650_firmware:2.2.0, cpe:/o:hitachienergy:relion_650_firmware:2.2.1, cpe:/o:hitachienergy:relion_650_firmware:2.2.4, cpe:/o:hitachienergy:relion_650_firmware:2.2.5, cpe:/o:hitachienergy:relion_670_firmware, cpe:/o:hitachienergy:relion_670_firmware:2.0.0, cpe:/o:hitachienergy:relion_670_firmware:2.1.0, cpe:/o:hitachienergy:relion_670_firmware:2.2.0, cpe:/o:hitachienergy:relion_670_firmware:2.2.1, cpe:/o:hitachienergy:relion_670_firmware:2.2.2, cpe:/o:hitachienergy:relion_670_firmware:2.2.3, cpe:/o:hitachienergy:relion_670_firmware:2.2.4, cpe:/o:hitachienergy:relion_670_firmware:2.2.5, cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1, cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.5

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 11/18/2021

Vulnerability Publication Date: 11/18/2021

Reference Information

CVE: CVE-2021-35534

CWE: 269