Rewterz Threat Advisory – ICS: Hitachi Energy XMC20 FOX61x and RTU500 OpenLDAP

Severity

High

Analysis Summary

CVE-2021-40333

This vulnerability is a weak default credential associated with TCP Port 26. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the DCN routing configuration.

CVE-2021-40334

This vulnerability is due to the implementation of the proprietary management protocol (TCP Port 5558), in which if SSH is activated, could cause a disruption to the NMS and NE communication.

CVE-2020-36229

A vulnerability exists in the affected OpenLDAP versions leading to an LDAP service crash in the parsing of a keystring, resulting in a denial-of-service condition.

CVE-2020-36230

A vulnerability exists in the affected OpenLDAP versions leading in an assertion failure in an LDAP service in the parsing of a file, resulting in a denial-of-service condition.

Impact

• Unauthorized Access

Affected Vendors

• Hitachi Energy

Affected Products

• XMC20: All versions prior to R15A
• FOX61x: All versions prior to R15A
• RTU500 Series CMU Firmware Version 12.4.X
• RTU500 Series CMU Firmware Version 12.6.X
• RTU500 Series CMU Firmware Version 12.7.X
• RTU500 Series CMU Firmware Version 13.0.X
• RTU500 Series CMU Firmware Version 13.1.X
• RTU500 Series CMU Firmware Version 13.2.1

Remediation

Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.

Hitachi Energy XMC20 and FOX61x

Hitachi Energy RTU500 OpenLDAP