CVE-2022-2513 : Security Advisory and Response
Learn about CVE-2022-2513, a vulnerability in Hitachi Energy's PCM600 product allowing unauthorized access to IED credentials, impacting multiple IED Connectivity Packages.
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in certain versions. This vulnerability allows an attacker to access and exploit cleartext credentials stored in the PCM600 database, potentially leading to unauthorized modifications or denial-of-service attacks on the IEDs.
Understanding CVE-2022-2513
This section provides detailed insights into the nature and impact of the vulnerability.
What is CVE-2022-2513?
CVE-2022-2513 refers to a cleartext credentials vulnerability in Hitachi Energy's PCM600 product, where IED credentials are stored in an insecure format, posing a security risk to the connected devices.
The Impact of CVE-2022-2513
The vulnerability allows malicious actors to extract sensitive credentials from the PCM600 database, enabling them to make unauthorized changes or disrupt operations of the Intelligent Electronic Devices (IEDs).
Technical Details of CVE-2022-2513
This section delves into the specifics of the vulnerability, affected systems, and exploitation methods.
Vulnerability Description
The vulnerability arises due to the insecure storage of IED credentials in Hitachi Energy's PCM600 database, potentially leading to unauthorized access and control over these devices.
Affected Systems and Versions
The vulnerability affects several Hitachi Energy products, including PCM600, 670 Connectivity Package, 650 Connectivity Package, SAM600-IO Connectivity Package, GMS600 Connectivity Package, and PWC600 Connectivity Package in specific versions.
Exploitation Mechanism
Attackers who gain access to the exported backup file containing the cleartext credentials can exploit the vulnerability to compromise the IEDs' security, enabling them to manipulate configurations or disrupt services.
Mitigation and Prevention
This section outlines steps to mitigate the risks associated with CVE-2022-2513 and prevent potential exploitation.
Immediate Steps to Take
Users are advised to update PCM600 to version 2.11 Hotfix 20220923 or implement the provided mitigation factors/workarounds to secure the credential storage and prevent unauthorized access.
Long-Term Security Practices
Implement least privilege principles, recommended security practices, and firewall configurations to safeguard process control networks from external threats. Follow guidelines by organizations like CIS for host Operating System protection.
Patching and Updates
Regularly update software versions and apply security patches provided by Hitachi Energy to address vulnerabilities and enhance the security posture of the affected products.