OTPulse

Hitachi Energy Retail Operations and CSB Software

Plan: Patch
Severity score: 7.2
ICS-CERT advisory: ICSA-21-334-05
Published: Nov 30, 2021
Attack Vector: Local
Auth Required: High
Complexity: High
User Interaction: None needed
Summary

Hitachi Energy Retail Operations and Counterparty Settlement and Billing (CSB) versions 5.7.3 and prior contain an improper access control vulnerability (CWE-284) that could allow an authorized local user with high privileges to gain unauthorized access to data and modify data within the affected product.

What this means
What could happen
An attacker with local administrative access could view or modify billing data, settlement information, or customer records in your Retail Operations or CSB system without proper authorization, potentially affecting billing accuracy and regulatory compliance.
Who's at risk
Energy utility IT and operations staff managing Hitachi Energy Retail Operations or Counterparty Settlement and Billing systems. This affects billing, settlement, and retail customer data operations. Any utility using these products for rate billing or customer account management should prioritize assessment and patching.
How it could be exploited
An attacker with high-privilege local access to the system running Retail Operations or CSB could exploit the access control flaw to read or modify data they should not have permission to access. This requires existing local administrative credentials and physical or remote access to the server itself.
Prerequisites
  • High-privilege local account access to the server running Retail Operations or CSB
  • Physical access to the server or active remote session with administrative credentials
  • Local system access (not remotely exploitable across the network)
Tags: local privilege escalation, improper access controls, no authentication required once local access obtained, affects data integrity and confidentiality
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix

Product                                     Affected Versions   Fix Status
Counterparty Settlement and Billing (CSB)   ≤ 5.7.3             5.7.3.1
Retail Operations                           ≤ 5.7.3             5.7.3.1
Remediation & Mitigation
Do now
HARDENING: Routinely monitor application process logs for unrecognized user sessions originating outside the Retail Operations application
HARDENING: Restrict local administrative access to servers running these applications to authorized personnel only
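The first "Do now" item above is a detection task: find sessions in the application process log that were not opened through the Retail Operations or CSB client, or that belong to an account nobody expects to see. The script below is an added example, not code from Hitachi Energy or OTPulse. The log line format, the field names, the origin names (RetailOpsClient, CSBClient) and the account names are all constructed assumptions; replace parse_line() and the two allowlists with the real log layout and the accounts your deployment uses.

```python
"""Flag unrecognized user sessions that did not originate from the
Retail Operations / CSB application.

Added example, not vendor code. The log format and every name below
are assumptions; adapt parse_line() and the allowlists to your site.
"""
import re
from dataclasses import dataclass

# Assumed (constructed) log line shape:
#   2021-11-30T10:15:02Z session=open user=svc_billing origin=RetailOpsClient host=app01
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+session=(?P<event>\w+)\s+user=(?P<user>\S+)"
    r"\s+origin=(?P<origin>\S+)\s+host=(?P<host>\S+)$"
)

# Origins that belong to the application itself (assumed names).
APPLICATION_ORIGINS = {"RetailOpsClient", "CSBClient"}
# Accounts expected to open application sessions (assumed names).
KNOWN_USERS = {"svc_billing", "svc_settlement", "ops_admin"}


@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    origin: str
    host: str
    reason: str


def parse_line(line):
    """Return a dict of fields, or None when the line is not a session record."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def audit(lines):
    """Return one Finding per session-open event that deserves a look.

    A session is reported when it was opened from a process other than the
    application client, when the account is not on the allowlist, or both.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] != "open":
            continue  # malformed line or not a session-open event
        outside = rec["origin"] not in APPLICATION_ORIGINS
        unknown = rec["user"] not in KNOWN_USERS
        if outside and unknown:
            reason = "unknown user, session opened outside the application"
        elif outside:
            reason = "known user, session opened outside the application"
        elif unknown:
            reason = "unknown user inside the application"
        else:
            continue  # expected account via the application client
        findings.append(Finding(rec["ts"], rec["user"], rec["origin"],
                                rec["host"], reason))
    return findings


# Constructed sample log: the first two lines are normal, the rest are
# the cases the hardening item asks operators to look for.
SAMPLE_LOG = [
    "2021-11-30T10:15:02Z session=open user=svc_billing origin=RetailOpsClient host=app01",
    "2021-11-30T10:16:40Z session=open user=svc_settlement origin=CSBClient host=app01",
    "2021-11-30T11:02:11Z session=open user=ops_admin origin=sqlcmd host=app01",
    "2021-11-30T11:05:57Z session=open user=tmp_contractor origin=powershell host=app01",
    "2021-11-30T11:06:30Z session=close user=tmp_contractor origin=powershell host=app01",
    "2021-11-30T11:20:03Z session=open user=auditor1 origin=RetailOpsClient host=app02",
    "this line is not a session record",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.ts} {f.user}@{f.host} via {f.origin}: {f.reason}")
```

Run it against a real export once parse_line() matches your log format; the "known user outside the application" case is the one most relevant to this advisory, since the flaw needs an already-privileged local account acting outside the application's own access checks.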
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Counterparty Settlement and Billing (CSB):
HOTFIX: Upgrade Counterparty Settlement and Billing (CSB) to version 5.7.3.1 or later
All products:
HOTFIX: Upgrade Retail Operations to version 5.7.3.1 or later
Long-term hardening
Counterparty Settlement and Billing (CSB):
HARDENING: Harden the operating system on servers running Retail Operations and CSB by applying OS-level security patches and disabling unnecessary services
API: /api/v1/advisories/e2f25c57-7457-4025-b589-2a26c6ed753a