Hitachi Energy PCU400
Act Now · 7.5 · ICS-CERT ICSA-23-019-01 · Jan 19, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
PCU400 power control units (firmware versions 9.3.0 through 9.3.7) and PCULogger tool (version 1.0.1) contain a denial-of-service vulnerability in their input handling. An attacker can craft a malformed request that crashes or disables the logging function without authentication. This prevents event logging and audit trail creation until the service is restarted, potentially masking configuration changes or unauthorized access. The vulnerability is caused by insufficient input validation (CWE-1357).
What this means
What could happen
An attacker could disable the logging function on PCU400 power control units or their associated PCULogger servers, preventing operators from recording grid events and potentially masking unauthorized changes to device configuration or setpoints.
Who's at risk
Electric utility operators and energy sector facilities managing Hitachi Energy PCU400 power control units should prioritize this. Affects devices in substations and control centers that rely on PCULogger for event logging and troubleshooting.
How it could be exploited
An attacker on the network can send a specially crafted request to a PCU400 device (version 9.3.0 through 9.3.7) or PCULogger server (version 1.0.1) without authentication. The malformed input causes a denial-of-service condition that crashes or disables the logging service, making it unavailable until the service is manually restarted.
Prerequisites
- Network access to PCU400 or PCULogger server (no specific port documented; assume port 80/443 or proprietary management port)
- No credentials required
- Target device must be running PCU400 firmware version 9.3.0 through 9.3.7 or PCULogger version 1.0.1
remotely exploitable · no authentication required · low complexity · high EPSS score (83.2%) · affects logging and event recording (visibility/auditability risk)
Exploitability
High exploit probability (EPSS 83.2%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| PCU400: PCU400 | ≥ 9.3.0 - but not including 9.3.8 | 9.3.8, 9.4 or later |
| PCU400: PCULogger tool | 1.0.1 | 9.3.8, 9.4 or later |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to PCU400 and PCULogger servers from untrusted networks using firewall rules; allow only management traffic from authorized engineering workstations and SCADA networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update PCU400 firmware to version 9.3.8 or 9.4 or later
- HOTFIX: Update PCULogger tool to version 1.1.0 or later
Long-term hardening
- HARDENING: Disable direct Internet connectivity to PCU400 devices; route all remote access through VPN with current security updates
- HARDENING: Segment process control systems from office/IT networks using air gaps or firewall with minimal exposed ports
- HARDENING: Restrict access to portable computers and removable media connected to PCU400 systems; scan for malware before use
CVEs (2)