Hitachi ABB Power Grids eSOMS Telerik

Act NowCVSS 9.8ICS-CERT ICSA-21-077-03Mar 18, 2021

ABBHitachi EnergyEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Hitachi ABB Power Grids eSOMS versions below 6.3 contain multiple critical vulnerabilities in the embedded Telerik software component. These flaws include improper file path handling (CWE-22), unsafe deserialization (CWE-502), inadequate input validation (CWE-20), weak cryptography (CWE-326), and insufficient credential protection (CWE-522). Successful exploitation allows unauthenticated remote attackers to upload malicious files, execute arbitrary code, or access sensitive information on the server. The vulnerabilities are actively exploited in the wild.

What this means

What could happen

An attacker could upload malicious files, access sensitive information, or execute arbitrary code on the eSOMS server, potentially allowing them to manipulate grid operations, steal configuration data, or disrupt power delivery systems.

Who's at risk

This affects electric utilities and grid operators using Hitachi ABB Power Grids eSOMS (Energy Supervision and Operational Management System) for power grid monitoring and control. Any organization with versions below 6.3 is at immediate risk, particularly those with eSOMS servers accessible from untrusted networks.

How it could be exploited

An unauthenticated attacker on the network can send a specially crafted request to the eSOMS Telerik component to exploit file upload, deserialization, or input validation flaws. This allows direct code execution on the server or file system access without needing credentials.

Prerequisites

Network access to the eSOMS server (typically port 80/443)
No authentication required
eSOMS version below 6.3

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)high EPSS score (93.9%)affects critical energy infrastructurearbitrary code execution capability

Exploitability

Actively exploited — confirmed by CISA KEV

Metasploit module available — weaponized exploitView module ↗

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (1)

ProductAffected VersionsFix Status

eSOMS: all< 6.3 of telerik software6.3+

Remediation & Mitigation

0/4

Do now

0/2

HOTFIXUpdate eSOMS to version 6.3 or later as soon as possible

HARDENINGIsolate eSOMS servers from direct internet access and restrict network access using firewall rules to only authorized management and monitoring traffic

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGEnsure eSOMS servers are not used for web browsing, email, or file sharing to limit malware exposure vectors

Long-term hardening

0/1

HARDENINGImplement network segmentation to separate the grid management network from corporate IT and external networks

CVEs (7)

CVE-2019-19790 CVE-2019-18935 CVE-2017-11357 CVE-2017-11317 CVE-2017-9248 CVE-2014-2217 CVE-2014-4958

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bb4c3646-5f61-4b74-94e7-51a0b0f11e8b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.