OTPulse

Hitachi ABB Power Grids eSOMS

Plan: Patch
CVSS: 7.5
Source: ICS-CERT ICSA-21-210-01
Date: Jul 29, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

eSOMS versions 6.3 and earlier store user credentials in browser storage without adequate protection. An attacker with local or physical access to an eSOMS workstation can extract these credentials and gain unauthorized access to the power grid management system. The vulnerability has a CVSS score of 7.5 (high severity), driven by its confidentiality impact, and is classified as CWE-522 (Insufficiently Protected Credentials).

What this means
What could happen
An attacker with access to a user's browser on an eSOMS workstation could extract stored login credentials, potentially leading to unauthorized access to the power grid management system. This could allow modification of grid operations or system settings.
Who's at risk
Electric utilities and power grid operators using Hitachi ABB Power Grids eSOMS for grid management and monitoring. This affects engineering workstations and operator consoles running eSOMS versions 6.3 and earlier.
How it could be exploited
An attacker must gain local access to a computer running eSOMS or compromise the workstation through social engineering (phishing, malicious attachments) to access the browser's stored credentials. The attacker then extracts the credentials from browser storage to authenticate to eSOMS systems.
Prerequisites
  • Local or physical access to an eSOMS workstation
  • Compromised user credentials or social engineering success
  • eSOMS version 6.3 or earlier installed on the workstation
Key points
  • Low-complexity attack requiring local/physical access
  • No authentication required once the workstation is accessed
  • Affects critical energy infrastructure
  • EPSS score below 1%, but credentials are a high-value target
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product        Affected Versions   Fix Status
eSOMS (All)    ≤ 6.3               6.3.1 or later
Remediation & Mitigation
Do now
HARDENING: Restrict eSOMS workstations from Internet access; configure firewalls to allow only necessary connections to power grid systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update eSOMS to version 6.3.1 or later
Long-term hardening
HARDENING: Ensure critical eSOMS systems have no direct Internet connection and are separated from office networks by a firewall
HARDENING: Provide security awareness training to users on phishing and social engineering attacks
HARDENING: Scan portable media and removable storage for malware before connecting them to eSOMS workstations