Hitachi Energy PCM600 Update Manager
Monitor | 6.7 | ICS-CERT ICSA-21-336-07 | Dec 2, 2021
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary
PCM600 Update Manager contains a certificate validation vulnerability (CWE-295) that allows an attacker with local access and valid user credentials to bypass software package authentication. Successful exploitation could allow installation of untrusted software packages on connected power system relays and protection devices. The attack requires high complexity and user interaction—specifically tricking a user into clicking a malicious link or opening an unsolicited attachment. The vulnerability is not remotely exploitable.
What this means
What could happen
An attacker with local access and user credentials could bypass certificate validation in the Update Manager and install malicious or untrusted software, potentially compromising power grid relays and associated control systems.
Who's at risk
Power utilities and energy sector operators who use Hitachi Energy PCM600 Update Manager to manage firmware and software for power system relays and protection devices. Affects versions 2.1 through 2.4.20119.2.
How it could be exploited
An attacker must have local access to a machine running PCM600 Update Manager, valid user credentials, and must trick a user into clicking a malicious link or opening an attachment. This bypasses certificate validation, allowing installation of an untrusted software package to the connected relay hardware.
Prerequisites
- Local access to the machine running PCM600 Update Manager
- Valid user credentials on that machine
- User must click a malicious link or open an unsolicited attachment
- High attack complexity (requires specific conditions)
local access required, user interaction required, high attack complexity, certificate validation bypass, affects energy/power grid equipment, no known public exploits
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product: PCM600 Update Manager
Affected Versions: 2.1 | 2.1.0.4 | 2.2 | 2.2.0.1 | 2.2.0.2 | 2.2.0.23 | 2.3.0.60 | 2.4.20041.1 | 2.4.20119.2
Fix Status: 2.4.21218.1
Remediation & Mitigation
Do now
- HARDENING: Enforce least-privilege principle for user accounts on machines running Update Manager
- HARDENING: Educate users not to click web links or open unsolicited attachments in email
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update PCM600 Update Manager to version 2.4.21218.1 or later
Long-term hardening
- HARDENING: Isolate Update Manager machines on a separate engineering network segment with restricted access
CVEs (1)