Hitachi Energy LinkOne WebView

Monitor4.2ICS-CERT ICSA-22-088-03Mar 29, 2022

Attack VectorNetwork

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

LinkOne WebView versions 3.20 through 3.26 contain multiple web-based vulnerabilities: cross-site scripting (CWE-79) allowing injection of malicious code, information disclosure flaws (CWE-200, CWE-209) that expose application paths and sensitive data, and improper handling of cross-origin requests (CWE-693). An authenticated attacker could modify system files, extract credentials or configuration data, and launch web-based attacks. High attack complexity limits real-world exploitation. No known public exploits exist.

What this means

What could happen

An attacker with access to the LinkOne WebView application could modify system files, disclose sensitive information including application paths, and launch web attacks that compromise data confidentiality or integrity.

Who's at risk

Energy utilities operating Hitachi Energy LinkOne WebView for monitoring and configuration purposes. Versions 3.20 through 3.26 are affected. This impacts both engineering workstations and server-side applications used for grid management and protection system configuration.

How it could be exploited

An attacker with valid LinkOne user credentials gains network access to the WebView interface (typically port 80/443). They can then exploit cross-site scripting (CWE-79) and information disclosure flaws (CWE-200, CWE-209) to inject malicious code, extract application paths and sensitive data, or modify files on the server.

Prerequisites

Valid user credentials for LinkOne WebView
Network access to LinkOne WebView web interface (HTTP/HTTPS)
Knowledge of application endpoints (attacker can enumerate via CWE-209 disclosures)
High attack complexity required (per CVSS rating)

Remotely exploitable via web interfaceRequires valid user credentialsHigh attack complexityNo patch available for current versionsAffects engineering access to critical control systems

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

LinkOne WebView: v3.253.253.27

LinkOne WebView: v3.233.233.27

LinkOne WebView: v3.223.223.27

LinkOne WebView: v3.243.243.27

LinkOne WebView: v3.263.263.27

LinkOne WebView: v3.203.23.27

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict network access to LinkOne WebView to authorized users only; implement firewall rules to deny direct Internet access to the application

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LinkOne WebView to version 3.27 or later

HARDENINGEnsure all users access LinkOne WebView with the latest browser version to reduce client-side attack surface

Long-term hardening

0/2

HARDENINGIf remote access is required, route all connections through a VPN and ensure VPN infrastructure is up-to-date

HARDENINGApply CIS hardening guidelines to the host operating system running LinkOne WebView

CVEs (4)

CVE-2021-40337 CVE-2021-40338 CVE-2021-40339 CVE-2021-40340

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/718836f4-eb30-4382-a677-c3c54964059a