OTPulse

Hitachi ABB Power Grids eSOMS

Plan Patch · 7.5 · ICS-CERT ICSA-21-077-02 · Mar 18, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Hitachi ABB Power Grids eSOMS contains an information disclosure vulnerability (CWE-200) that allows unauthorized access to sensitive information. Affected versions are eSOMS prior to 6.0.4.2.2, 6.1.4, and 6.3. The vulnerability is not remotely exploitable.

What this means
What could happen
An attacker with local access to the eSOMS system could read sensitive operational or configuration data that should be restricted. This could expose information about the power grid topology, control settings, or other critical operational details.
Who's at risk
Electric utilities and grid operators running Hitachi ABB Power Grids eSOMS for energy management and system optimization. This affects SCADA and energy management system operators who depend on eSOMS for monitoring and controlling grid operations.
How it could be exploited
An attacker must have local access to the eSOMS host system (either physical access or authenticated remote access to the device). Once on the system, they can read files or access functions that should be protected, extracting unauthorized information about grid operations or configuration.
Prerequisites
  • Local access to the eSOMS system (physical or authenticated remote session)
  • Access to files or resources that disclose operational or configuration information
  • Low complexity exploitation
  • No authentication required for information disclosure once local access obtained
  • Affects critical energy infrastructure
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 with fix
Product    Affected Versions       Fix Status
eSOMS      < 6.3                   6.0.4.2.2
eSOMS      > 6.1 | < 6.1.4         6.0.4.2.2
eSOMS      > 6.0 | < 6.0.4.2.2     6.0.4.2.2
Remediation & Mitigation
Do now
HARDENING: Restrict physical access to eSOMS servers and limit remote terminal access to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update eSOMS to version 6.0.4.2.2 or later
HOTFIX: Update eSOMS to version 6.1.4 or later
HOTFIX: Update eSOMS to version 6.3 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate eSOMS from untrusted networks
HARDENING: Disable unnecessary services and ports on eSOMS hosts