ICSA-23-255-01
Vulnerability from csaf_cisa
Published
2023-09-12 06:00
Modified
2023-09-12 06:00
Summary
Hitachi Energy Lumada APM Edge
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclosure of sensitive information.
Critical infrastructure sectors
Energy
Countries/areas deployed
Worldwide
Company headquarters location
Switzerland
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
{ "document": { "acknowledgments": [ { "organization": "Hitachi Energy", "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclosure of sensitive information. ", "title": "Risk evaluation" }, { "category": "other", "text": "Energy", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Switzerland", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.", "title": "Recommended Practices" } ], "publisher": { "category": "coordinator", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-23-255-01 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-255-01.json" }, { "category": "self", "summary": "ICSA Advisory ICSA-23-255-01 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "Hitachi Energy Lumada APM Edge", "tracking": { "current_release_date": "2023-09-12T06:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-23-255-01", "initial_release_date": "2023-09-12T06:00:00.000000Z", "revision_history": [ { "date": "2023-09-12T06:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "Initial Publication" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c= 4.0", "product": { "name": "Lumada APM Edge: \u003c= 4.0", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "Lumada APM Edge" }, { "branches": [ { "category": "product_version", "name": "6.3", "product": { "name": "Lumada APM Edge: 6.3", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "Lumada APM Edge" } ], "category": "vendor", "name": "Hitachi Energy " } ] }, "vulnerabilities": [ { "cve": "CVE-2023-0215", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Hitachi Energy has fixed the vulnerabilities for Lumada APM in version 6.5.0.2 and later and recommends users update their systems to the appropriate version. Lumada APM Edge versions 4.0 and prior are no longer supported and are considered End-of-Life.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Hitachi Energy reported that Lumada APM Edge relies on the HAProxy service (a pre-requisite component) as an API gateway, so it must be exposed to the end-users via network. For Lumada APM Edge to be accessible to the end-users, it is crucial for this service, which also utilizes OpenSSL libraries, to be updated along with its underlying operating system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Recommended security practices and firewall configurations can help protect a process control network fromattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, have security updates applied to installed software components and others that must be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "For more information, see Hitachi Energy advisory 8DBD000169.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000169\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2022-4450", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "summary", "text": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already beenfreed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Hitachi Energy has fixed the vulnerabilities for Lumada APM in version 6.5.0.2 and later and recommends users update their systems to the appropriate version. Lumada APM Edge versions 4.0 and prior are no longer supported and are considered End-of-Life.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Hitachi Energy reported that Lumada APM Edge relies on the HAProxy service (a pre-requisite component) as an API gateway, so it must be exposed to the end-users via network. For Lumada APM Edge to be accessible to the end-users, it is crucial for this service, which also utilizes OpenSSL libraries, to be updated along with its underlying operating system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Recommended security practices and firewall configurations can help protect a process control network fromattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, have security updates applied to installed software components and others that must be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "For more information, see Hitachi Energy advisory 8DBD000169.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000169\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2023-0286", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "notes": [ { "category": "summary", "text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Hitachi Energy has fixed the vulnerabilities for Lumada APM in version 6.5.0.2 and later and recommends users update their systems to the appropriate version. Lumada APM Edge versions 4.0 and prior are no longer supported and are considered End-of-Life.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Hitachi Energy reported that Lumada APM Edge relies on the HAProxy service (a pre-requisite component) as an API gateway, so it must be exposed to the end-users via network. For Lumada APM Edge to be accessible to the end-users, it is crucial for this service, which also utilizes OpenSSL libraries, to be updated along with its underlying operating system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Recommended security practices and firewall configurations can help protect a process control network fromattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, have security updates applied to installed software components and others that must be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "For more information, see Hitachi Energy advisory 8DBD000169.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000169\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2022-4304", "cwe": { "id": "CWE-203", "name": "Observable Discrepancy" }, "notes": [ { "category": "summary", "text": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "remediations": [ { "category": "vendor_fix", "details": "Hitachi Energy has fixed the vulnerabilities for Lumada APM in version 6.5.0.2 and later and recommends users update their systems to the appropriate version. Lumada APM Edge versions 4.0 and prior are no longer supported and are considered End-of-Life.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Hitachi Energy reported that Lumada APM Edge relies on the HAProxy service (a pre-requisite component) as an API gateway, so it must be exposed to the end-users via network. For Lumada APM Edge to be accessible to the end-users, it is crucial for this service, which also utilizes OpenSSL libraries, to be updated along with its underlying operating system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "Recommended security practices and firewall configurations can help protect a process control network fromattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, have security updates applied to installed software components and others that must be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "mitigation", "details": "For more information, see Hitachi Energy advisory 8DBD000169.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000169\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.