OTPulse

Hitachi ABB Power Grids Retail Operations and CSB Products

Plan Patch · 7.7 · ICS-CERT ICSA-21-236-02 · Aug 24, 2021
Attack Vector: Network
Auth Required: High
Complexity: High
User Interaction: None needed
Summary

This vulnerability in Hitachi ABB Power Grids Retail Operations and Counterparty Settlement and Billing (CSB) products allows an attacker with high-level administrative credentials to access database credentials, shut down the product, and read or modify system data. The vulnerability stems from insufficient protection of stored credentials and is related to CWE-522 (Insufficiently Protected Credentials). The affected products are Retail Operations and CSB, all versions up to and including 5.7.2. Hitachi ABB Power Grids recommends updating to Version 5.7.3 or later. An entry point for this vulnerability is an unsecured configuration of the operating system on which the product is installed.

What this means
What could happen
An attacker with high-level administrative access could extract database credentials, shut down billing and settlement operations, or modify critical energy trading and billing data. This could disrupt financial settlements and settlement processing for energy markets.
Who's at risk
Energy market operators and utilities that run Hitachi ABB Power Grids Retail Operations or Counterparty Settlement and Billing (CSB) systems should be concerned. These products handle billing, settlement, and financial transactions for energy markets. Affected organizations include power trading companies, utilities, and energy service operators who depend on these systems for operational financial processes.
How it could be exploited
An attacker with high-privilege credentials (such as a system administrator or engineer) could exploit this vulnerability to access the underlying database, extract stored credentials, shut down the service, or read/modify system data. The attack requires prior access to an administrative account on the system.
Prerequisites
  • High-privilege administrative credentials to the affected product (system administrator or engineer role)
  • Network access to the Retail Operations or CSB application
  • Unsecured or weakly hardened host operating system
  • Access may be facilitated by weak OS-level security controls
  • High privilege access required
  • High attack complexity
  • No patch available for current versions (remediation requires manual vendor update)
  • Affects billing and settlement operations (financial impact)
  • Weak OS security posture can increase risk
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Retail Operations: All | ≤ 5.7.2 | 5.7.3 or later
Counterparty Settlement and Billing (CSB): All | ≤ 5.7.2 | 5.7.3 or later
Remediation & Mitigation
Do now
Counterparty Settlement and Billing (CSB): All
WORKAROUND: Implement firewall rules to restrict network access to Retail Operations and CSB to only authorized administrative workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Counterparty Settlement and Billing (CSB): All
HOTFIX: Upgrade Counterparty Settlement and Billing (CSB) to Version 5.7.3 or later
All products
HOTFIX: Upgrade Retail Operations to Version 5.7.3 or later
HARDENING: Monitor application process logs and system logs for unrecognized user sessions originating from outside the application
Long-term hardening
Counterparty Settlement and Billing (CSB): All
HARDENING: Isolate Retail Operations and CSB systems from the business network using a DMZ or dedicated network segment
All products
HARDENING: Harden the operating system hosting these products according to CIS guidelines
HARDENING: Ensure these systems are not accessible from the Internet; use VPN with strong authentication for any required remote access
Hitachi ABB Power Grids Retail Operations and CSB Products | CVSS 7.7 - OTPulse