Summary
Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if XMC20 devices are configured to use remote RADIUS authentication.
The following versions of Hitachi Energy XMC20 are affected:
- XMC20 R18, vers:XMC20/<=R17A (CVE-2024-3596, CVE-2024-3596)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9 | Hitachi Energy | Hitachi Energy XMC20 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2024-3596
The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker. An attacker can modify any valid response (Access-Accept, Access-Reject, or Access-Challenge) into another response using a chosen-prefix collision attack targeting the MD5 Response Authenticator signature.
Affected Products
Hitachi Energy XMC20
Hitachi Energy
XMC20 version R18, XMC20 version R17A and earlier
known_affected
Remediations
Mitigation
Enable the RADIUS Message-Authenticator option in both the XMC20 and RADIUS server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029001&LanguageCode=en&DocumentPartId=R18&Action=launch.
Vendor fix
Update to XMC20 R18 and then enable the RADIUS Message-Authenticator option in both the XMC20 and RADIUS server configurations. Refer to the Technical User Documentation at https://publisher.hitachienergy.com/preview?DocumentID=1KHW029001&LanguageCode=en&DocumentPartId=R18&Action=launch.
Mitigation
If the upgrade is not possible, apply general mitigation factors with segmentation of FOX management traffic to minimize the risk.
Mitigation
For more information, see the associated Hitachi Energy cybersecurity advisory 8DBD000233 RADIUS MD5 Vulnerability in Hitachi Energy XMC20 product available in PDF format here https://publisher.hitachienergy.com/preview?DocumentID=8DBD000233&LanguageCode=en&DocumentPartId=&Action=launch or JSON format here https://publisher.hitachienergy.com/preview?DocumentID=8DBD000233-CSAF&LanguageCode=en&DocumentPartId=&Action=Launch.
Mitigation
Hitachi Energy recommends implementing security practices and firewall configurations to help protect process control networks from external attacks. Such practices include ensuring that process control systems are physically protected from unauthorized access, have no direct Internet connections, and are separated from other networks by a firewall system that minimizes exposed ports, and any additional ports should be evaluated on a case-by-case basis. Process control systems should not be used for web browsing, instant messaging, or email. Portable computers and removable storage media should be thoroughly scanned for malware before being connected to a control system. Organizations should enforce proper password policies and procedures.
Relevant CWE: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Metrics
| CVS […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories
Read the original article: Post navigation |
|---|