Summary
Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if FOX61x devices are configured to use remote RADIUS authentication.
The following versions of Hitachi Energy FOX61x are affected:
- FOX61x R18, vers:FOX61x/<=R17A (CVE-2024-3596, CVE-2024-3596)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9 | Hitachi Energy | Hitachi Energy FOX61x | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2024-3596
The RADIUS protocol under RFC 2865 is vulnerable to forgery attacks that allow a local attacker to modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into another response by exploiting a chosen-prefix collision attack on the MD5 Response Authenticator signature..
Affected Products
Hitachi Energy FOX61x
Hitachi Energy
FOX61x version R18, FOX61x version R17A and earlier
known_affected
Remediations
Mitigation
Enable the RADIUS Message-Authenticator option in both the FOX61x and RADIUS Server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029042&LanguageCode=en&DocumentPartId=R18&Action=launch.
Vendor fix
Update to FOX61x R18, then enable the RADIUS Message-Authenticator option in both the FOX61x and RADIUS Server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029042&LanguageCode=en&DocumentPartId=R18&Action=launch.
Mitigation
If the upgrade is not possible, apply general mitigation factors with segmentation of FOX management traffic to minimize the risk.
Mitigation
For more information, see the associated Hitachi Energy cybersecurity advisory 8DBD000225 Radius MD5 Vulnerability in Hitachi Energy FOX61x product at https://publisher.hitachienergy.com/preview?DocumentID=8DBD000225&LanguageCode=en or https://publisher.hitachienergy.com/preview?DocumentID=8DBD000225-CSAF&LanguageCode=en&DocumentPartId=&Action=Launch .
Mitigation
Hitachi Energy recommends implementing security practices and firewall configurations to help protect process control networks from external attacks. Such practices include ensuring that process control systems are physically protected from unauthorized access, have no direct Internet connections, and are separated from other networks by a firewall system that minimizes exposed ports, and any additional ports should be evaluated on a case-by-case basis. Process control systems should not be used for web browsing, instant messaging, or email. Portable computers and removable storage media should be thoroughly scanned for malware before being connected to a control system. Organizations should enforce proper password policies and procedures.
Relevant CWE: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Metrics
| CVSS Version | Base Score | Base Severity | Vector String […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories
Read the original article: |
|---|