OTPulse

Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability

Act Now · CVSS 7.8 · ICS-CERT ICSA-22-256-01 · Sep 13, 2022
Attack Vector: Local
Privileges Required: Low
Attack Complexity: Low
User Interaction: None
Summary

An off-by-one error (CWE-193) in the sudo component shipped with TXpert Hub CoreTec 4 allows a local, unprivileged user to escalate privileges to root and gain full control of the system node and the information it holds. Affected versions are 2.0.0–2.0.1, 2.1.0–2.1.3, and 2.2.0–2.2.1. This vulnerability is actively exploited in the wild. Hitachi Energy has released a fix in version 2.3.0. Until the update is applied, temporary mitigations are to disable SSH/secure remote access and to enforce strict physical access controls, since the flaw needs only a local shell.

What this means
What could happen
An attacker with local access to the TXpert Hub CoreTec 4 system could escalate privileges via a sudo vulnerability to gain full control of the node, potentially altering critical energy system configurations or stopping grid control operations.
Who's at risk
Energy utilities operating Hitachi Energy TXpert Hub CoreTec 4 systems for grid control, substation automation, or generation coordination should prioritize remediation. These systems are critical for managing power distribution and any compromise could disrupt service to customers.
How it could be exploited
An attacker with an unprivileged account on the TXpert Hub CoreTec 4 system exploits the off-by-one flaw in sudo to execute arbitrary commands with root privileges. This requires local system access (e.g., via compromised user credentials over SSH or physical terminal access); once the exploit succeeds, the attacker has complete control of the device.
Prerequisites
  • Valid unprivileged user account on TXpert Hub CoreTec 4 system
  • Local access to the system (command-line shell or terminal)
  • An exploit for the sudo off-by-one flaw
Key points
  • Actively exploited (CISA KEV)
  • Very high exploit probability (EPSS 92.5%)
  • Low-complexity local privilege escalation
  • Affects critical energy infrastructure
  • Needs only an unprivileged local account; no further authentication once a shell is obtained
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (3 entries, all with a fix available)

Product               | Affected versions            | Fixed in
TXpert Hub CoreTec 4  | 2.0.0, 2.0.1                 | 2.3.0
TXpert Hub CoreTec 4  | 2.1.0, 2.1.1, 2.1.2, 2.1.3   | 2.3.0
TXpert Hub CoreTec 4  | 2.2.0, 2.2.1                 | 2.3.0
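The version list above is what a practitioner actually has to match an asset inventory against. The following script is an added example (not part of the advisory or of any Hitachi Energy tooling) that encodes the advisory's affected ranges and fix version, normalises version strings as they tend to appear in inventories ("v2.2.1", "2.1.3-build7"), and prioritises each device: devices in the listed ranges that still have SSH enabled are flagged for immediate action, patched devices need nothing, and any version below 2.3.0 that the advisory does not list is flagged for verification with the vendor rather than silently treated as safe. The inventory rows, hostnames and the ssh_enabled column are constructed for the example.

```python
"""Triage TXpert Hub CoreTec 4 devices against ICSA-22-256-01 (added example)."""
from __future__ import annotations

import csv
import io

# Affected version ranges and fix version, taken from the advisory's product table.
AFFECTED_RANGES = [
    ((2, 0, 0), (2, 0, 1)),
    ((2, 1, 0), (2, 1, 3)),
    ((2, 2, 0), (2, 2, 1)),
]
FIXED_VERSION = (2, 3, 0)

# Constructed sample inventory; hostnames and the ssh_enabled column are assumptions.
SAMPLE_INVENTORY = """hostname,version,ssh_enabled
txh-sub01,2.1.3,yes
txh-sub02,2.2.1,no
txh-sub03,2.3.0,yes
txh-sub04,v2.2.4,no
"""


def parse_version(text: str) -> tuple:
    """Normalise 'v2.1.3-build7' style strings to a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version: str) -> str:
    """'fixed' (>= 2.3.0), 'affected' (in a listed range) or 'unlisted' (older, not listed)."""
    v = parse_version(version)
    if v >= FIXED_VERSION:
        return "fixed"
    if any(lo <= v <= hi for lo, hi in AFFECTED_RANGES):
        return "affected"
    # Below the fix version but not in the advisory's list: do not assume it is safe.
    return "unlisted"


def triage(inventory_csv: str) -> list[dict]:
    """Return one record per device with its status and a remediation priority."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(rec["version"])
        ssh = rec.get("ssh_enabled", "").strip().lower() == "yes"
        if status == "fixed":
            priority = "none"
        elif status == "unlisted":
            priority = "verify"          # confirm with vendor before closing the finding
        elif ssh:
            priority = "now"             # remote shell path open: disable SSH, then patch
        else:
            priority = "scheduled"       # local-only exposure: patch at next maintenance window
        rows.append({
            "host": rec["hostname"],
            "version": rec["version"],
            "status": status,
            "ssh_enabled": ssh,
            "priority": priority,
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<10} {row['version']:<8} {row['status']:<9} "
              f"ssh={'on ' if row['ssh_enabled'] else 'off'} -> {row['priority']}")
```

The "unlisted" bucket is deliberate: version matching against an advisory should fail closed, so a 2.2.x build the vendor never listed gets a human check rather than a green tick. Replace SAMPLE_INVENTORY with an export from your asset register to use it on real data.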
Remediation & Mitigation

Do now
  • HOTFIX: Update TXpert Hub CoreTec 4 to version 2.3.0 or later
  • WORKAROUND: Disable SSH/secure remote access on TXpert Hub CoreTec 4 per Hitachi Energy's security deployment guidelines
  • HARDENING: Implement physical security controls to restrict direct terminal access to TXpert Hub CoreTec 4

Schedule (requires a maintenance window)
  Patching may require a device reboot; plan for process interruption.
  • HARDENING: Isolate TXpert Hub CoreTec 4 behind a firewall with only the necessary ports open

Long-term hardening
  • HARDENING: Restrict network access from business networks to control system networks