OTPulse

Hitachi ABB Power Grids System Data Manager

Monitor | CVSS 6.3 | ICS-CERT ICSA-21-250-02 | Sep 7, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SDM600 System Data Manager contains an insecure data storage vulnerability (CWE-312) that allows a local attacker to access sensitive information. The vulnerability affects all versions prior to 1.2 FP2 HF6 (Build Nr. 1.2.14002.257). A successful exploit could disclose configuration data, credentials, or other sensitive information used by power grid management systems.

What this means
What could happen
An attacker with local access to a system running SDM600 could read sensitive information stored on the device, such as configuration data or credentials. This could lead to unauthorized access to power grid management systems or disclosure of critical infrastructure information.
Who's at risk
Power utility operators and grid management teams using Hitachi ABB Power Grids SDM600 System Data Manager should assess this issue. SDM600 is used for data management and monitoring in electric power systems. Any organization using SDM600 for grid operations, control center functions, or network management should prioritize applying the available patch.
How it could be exploited
An attacker must first gain local access to a machine where SDM600 is installed (physical or logical access to the host OS). From there, they can exploit an insecure data storage issue to read sensitive information that the application stores without proper protection.
Prerequisites
  • Local access to the SDM600 host system
  • User-level privileges or higher on the host operating system
  • Low complexity attack
  • Local access required limits exposure
  • Insecure data storage (CWE-312)
  • Affects power grid management systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
SDM600: All | < 1.2 FP2 HF6 (Build Nr. 1.2.14002.257) | 1.2 FP2 HF6 (Build Nr. 1.2.14002.257)
Remediation & Mitigation
Do now
WORKAROUND: Move previously created vulnerable backups from SDM600 to a secure, isolated location with restricted access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade SDM600 to Version 1.2 FP2 HF6 (Build Nr. 1.2.14002.257) or newer
Long-term hardening
HARDENING: Implement least privilege access controls for SDM600 and related system resources
HARDENING: Ensure SDM600 is physically isolated, not connected to the Internet, and separated from other networks by a firewall with minimal exposed ports
Hitachi ABB Power Grids System Data Manager | CVSS 6.3 - OTPulse