Rewterz Threat Advisory – ICS: Hitachi Energy Asset Suite Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-4816

Hitachi Energy Asset Suite could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Equipment Tag Out authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to perform an Equipment Tag Out holder action for another user and entering an arbitrary password in the holder action confirmation dialog box.

Impact

• Security Bypass

Indicators Of Compromise

CVE

• CVE-2023-4816

Affected Vendors

Hitachi

Affected Products

• Hitachi Energy Asset Suite 9.6.3.11.1
• Hitachi Energy Asset Suite 9.6.4

Remediation

Refer to Hitachi Energy PSIRT for patch, upgrade or suggested workaround information.

Hitachi Energy PSIR