OTPulse

Hitachi Energy XMC20 and FOX61x

Act Now | CVSS 9 | ICS-CERT ICSA-21-341-02 | Dec 7, 2021
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Hitachi Energy XMC20 and FOX61x devices contain vulnerabilities (CWE-521, CWE-431) in their Data Communication Network (DCN) routing configuration handling. Successful exploitation allows an attacker with high-level credentials to gain unauthorized access to DCN routing settings and disrupt communication between the Network Management System and Network Elements. All versions prior to R15A are affected.

What this means
What could happen
An attacker with high-level access could modify the Data Communication Network (DCN) routing configuration on these devices, disrupting communication between the Network Management System and network elements, potentially causing loss of visibility and control of the energy infrastructure.
Who's at risk
Energy utilities operating Hitachi Energy XMC20 and FOX61x network management devices should assess their exposure. These products are used for coordinating Data Communication Network (DCN) routing and Network Management System (NMS) communications across power systems. Any organization running versions below R15A is affected.
How it could be exploited
An attacker would need to first gain network access to the XMC20 or FOX61x device and authenticate with high-privilege credentials. Once authenticated, they could access the DCN routing configuration and make unauthorized changes that disrupt NMS-to-NE communication paths.
Prerequisites
  • Network access to the XMC20 or FOX61x management interface
  • High-privilege (administrator-level) credentials on the target device
  • Direct connectivity to the device or access via the management network
No authentication required after gaining network access | Requires high-level credentials | Affects network management and communication infrastructure | No patch available for older versions
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
XMC20: All | < R15A | R15A
FOX61x: All | < R15A | R15A
Remediation & Mitigation
Do now
  • WORKAROUND: Implement firewall rules to restrict administrative access to XMC20 and FOX61x devices to authorized management networks only
  • HARDENING: Disable direct Internet connectivity to XMC20 and FOX61x devices; ensure they are behind a firewall with minimal exposed ports
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade XMC20 devices to firmware version R15A or later
  • HOTFIX: Upgrade FOX61x devices to firmware version R15A or later
Long-term hardening
  • HARDENING: Physically restrict access to the devices and ensure only authorized personnel can connect to them
  • HARDENING: Use secure remote access methods such as VPNs when administrative access is required from outside the local network
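
An added example, not code from OTPulse or Hitachi Energy: a small inventory audit that flags XMC20/FOX61x devices running a release below R15A and administrative sessions that originate outside the authorized management networks. It assumes release labels have the form R<number><letter>; the inventory fields, flow tuples and all sample data are constructed for illustration.

```python
import ipaddress
import re

FIXED_RELEASE = "R15A"                      # first fixed release per the advisory
AFFECTED_PRODUCTS = {"XMC20", "FOX61x"}

def release_key(release):
    """Sort key for a release label; assumes the form R<number><letter>, e.g. R14B."""
    m = re.fullmatch(r"R(\d+)([A-Z])", release.strip().upper())
    if not m:
        raise ValueError(f"unrecognised release label: {release!r}")
    # Compare numerically: as plain strings "R6C" would sort after "R15A".
    return int(m.group(1)), m.group(2)

def audit(devices, mgmt_networks, admin_flows):
    """Return {device name: [findings]} for affected products that need action."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = {}
    for dev in devices:
        if dev["product"] not in AFFECTED_PRODUCTS:
            continue
        issues = []
        try:
            if release_key(dev["release"]) < release_key(FIXED_RELEASE):
                issues.append(f"release {dev['release']} is below {FIXED_RELEASE}: schedule upgrade")
        except ValueError:
            issues.append(f"release {dev['release']!r} not parseable: verify manually")
        for src, dst in admin_flows:
            if dst == dev["ip"] and not any(ipaddress.ip_address(src) in n for n in nets):
                issues.append(f"admin session from {src} is outside the management networks")
        if issues:
            findings[dev["name"]] = issues
    return findings

# Constructed sample data: hypothetical device names, RFC 1918 / RFC 5737 addresses.
DEVICES = [
    {"name": "sub-a-mux1", "product": "XMC20", "release": "R14B", "ip": "10.20.0.11"},
    {"name": "sub-b-mux1", "product": "FOX61x", "release": "R15A", "ip": "10.20.0.12"},
    {"name": "sub-c-mux1", "product": "FOX61x", "release": "R6C", "ip": "10.20.0.13"},
]
MGMT_NETWORKS = ["10.20.0.0/24"]
ADMIN_FLOWS = [("10.20.0.5", "10.20.0.11"), ("192.0.2.44", "10.20.0.12"),
               ("10.20.0.5", "10.20.0.13")]  # (source, destination) of admin sessions

if __name__ == "__main__":
    for name, issues in audit(DEVICES, MGMT_NETWORKS, ADMIN_FLOWS).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

A release label that does not match the assumed pattern is reported for manual verification rather than silently treated as patched.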
Hitachi Energy XMC20 and FOX61x | CVSS 9 - OTPulse