Hitachi Energy System Data Manager
Act Now · 7.5 · ICS-CERT ICSA-22-116-01 · Apr 26, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Hitachi Energy System Data Manager SDM600 contains multiple vulnerabilities (CWE-203, CWE-674, CWE-617, CWE-843, CWE-190) that allow remote attackers to eavesdrop on unencrypted traffic or cause denial-of-service conditions. Successful exploitation requires only network access and no authentication. All versions prior to 1.2 FP2 HF10 (Build 1.2.14002.506) are affected.
What this means
What could happen
An attacker could intercept unencrypted communication to System Data Manager SDM600 or cause it to become unavailable, disrupting visibility into energy transmission and distribution operations.
Who's at risk
Energy utilities and transportation operators who rely on Hitachi Energy System Data Manager SDM600 for monitoring and managing electrical transmission and distribution systems. This affects both generation facilities and distribution control centers that depend on SDM600 for real-time operational data visibility.
How it could be exploited
An attacker with network access to System Data Manager SDM600 could send specially crafted packets to trigger a denial-of-service condition or passively eavesdrop on network traffic between the SDM600 and connected devices to gather operational information.
Prerequisites
- Network access to System Data Manager SDM600 (port-level access not specified; likely management or data collection interface)
- No authentication required
remotely exploitable · no authentication required · low complexity · no patch available · high EPSS score (29.2%)
Exploitability
High exploit probability (EPSS 29.2%)
Affected products (1)
Product | Affected Versions | Fix Status
All System Data Manager - SDM600 | <1.2 FP2 HF10 (Build Nr. 1.2.14002.506) | No fix yet
Remediation & Mitigation
Do now
HARDENING: Isolate System Data Manager SDM600 on a dedicated VLAN or air-gapped network segment, restricting access to authorized engineering and operations staff only
WORKAROUND: Implement firewall rules to restrict inbound network access to System Data Manager SDM600 to only required management and data collection ports, and block access from untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Enable encrypted communication (TLS/SSL) for all management and data collection traffic to and from System Data Manager SDM600 if supported by the product or through a proxy/gateway
HARDENING: Monitor System Data Manager SDM600 for signs of denial-of-service attacks (sudden performance degradation, connection drops, CPU/memory spikes) and implement DDoS mitigation if possible
HOTFIX: Contact Hitachi Energy to determine if a patch will be released for System Data Manager SDM600 and establish a timeline for applying any future updates
CVEs (7)
API:
/api/v1/advisories/62db1865-e250-40e9-89b0-59239abd30a7