ICS: Multiple Hitachi Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-28981 CVSS:8.5

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.

CVE-2024-7125 CVSS:7.8

Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2024-28981
CVE-2024-7125

Affected Vendors

Hitachi

Affected Products

Hitachi Vantara Pentaho Data Integration & Analytics - 1.0 - 9.4.0.0
Hitachi Ops Center Common Services - 10.9.3-00

Remediation

Refer to Hitachi Website for patch, upgrade, or suggested workaround information.

CVE-2024-28981

CVE-2024-7125

LokiBot Malware – Active IOCs

Bitter APT Targeting Pakistan – Active IOCs

ICS: Multiple Hitachi Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan