Hitachi Energy APM Edge
Act Now | CVSS 9.1 | ICS-CERT ICSA-21-336-06 | Dec 2, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Hitachi Energy APM Edge versions 1.0, 2.0, and 3.0 contain multiple memory safety vulnerabilities (null pointer dereference, out-of-bounds access, use-after-free) that can be triggered by a network request without authentication. Successful exploitation causes the APM Edge application to crash, rendering the monitoring system inaccessible. The vulnerabilities are not remotely exploitable in the sense of a direct attack from the Internet, but they are exploitable from any device on the local network with connectivity to the APM Edge port.
What this means
What could happen
An attacker with network access to APM Edge could crash the application or render it inaccessible, disrupting monitoring and data collection for power distribution networks. This could prevent operators from seeing critical system status during faults or contingencies.
Who's at risk
Power distribution operators and energy utilities running Hitachi Energy APM Edge monitoring software versions 1.0, 2.0, or 3.0 are affected. This is critical for utilities relying on APM Edge for real-time visibility into grid equipment, switchgear, and transformer status.
How it could be exploited
An attacker with network access to the APM Edge device could send a specially crafted network request that triggers a memory corruption or null pointer dereference vulnerability, causing the application to crash. The vulnerability requires no authentication to exploit.
Prerequisites
- Network access to APM Edge device
- No authentication required
remotely exploitable; no authentication required; low complexity; high CVSS score (9.1); no patch available for versions 1.0-3.0; affects monitoring/visibility systems
Exploitability
Moderate exploit probability (EPSS 8.4%)
Affected products (3)
3 pending
Product | Affected Versions | Fix Status
APM Edge | 3.0 | No fix yet
APM Edge | 2.0 | No fix yet
APM Edge | 1.0 | No fix yet
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation: isolate APM Edge devices on a separate control network segment accessible only to authorized monitoring systems and engineering workstations
- WORKAROUND: Deploy firewall rules to restrict network access to APM Edge to only required management and data collection interfaces (limit exposed ports)
- HARDENING: Do not connect APM Edge systems directly to the Internet; access only through jump servers or VPNs on segregated networks
- HARDENING: Restrict APM Edge use to process monitoring only; do not use for email, web browsing, or instant messaging
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Upgrade Hitachi Energy APM Edge to version 4.0 or later
Long-term hardening
- HARDENING: Scan portable computers and removable media for malware before connecting to APM Edge networks
CVEs (29)
CVE-2021-3449, CVE-2020-1971, CVE-2019-1563, CVE-2019-1549, CVE-2019-1547, CVE-2021-23840, CVE-2021-23841, CVE-2017-8872, CVE-2019-20388, CVE-2020-24977, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, CVE-2020-14372, CVE-2020-25632, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233