Hitachi Energy Gateway Station

Plan PatchCVSS 7.5ICS-CERT ICSA-23-059-01Mar 6, 2023

Hitachi EnergyEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Hitachi Energy Gateway Station versions 3.2.0.0 and earlier contain vulnerabilities related to null pointer dereference (CWE-476) and infinite loops (CWE-835) in process handling. Successful exploitation causes affected modules to stop working and become unavailable. The vulnerabilities are remotely exploitable over the network without authentication. One vulnerability (CVE-2020-25692) specifically impacts configurations with the Authentication Service installed, which is used for centralized SDM600 user account management but is not installed by default.

What this means

What could happen

An attacker could cause the Gateway Station to stop working, disrupting communication and control functions across your energy infrastructure. This affects any HMI, SCADA, or remote access dependent on the gateway.

Who's at risk

Energy utilities and operators using Hitachi Energy Gateway Station for SCADA, remote access, or centralized gateway functions. Particularly critical for organizations that depend on the gateway for communication between control networks and operations centers.

How it could be exploited

An attacker with network access to the Gateway Station can send a specially crafted request that triggers a null pointer dereference or infinite loop, causing the affected modules to crash or become unresponsive.

Prerequisites

Network access to the Gateway Station
No authentication required

remotely exploitableno authentication requiredlow complexityhigh EPSS score (8.3%)affects availability of critical control systemsaffects all versions 3.2.0.0 and earlier

Exploitability

Some exploitation risk — EPSS score 6.5%

Public Proof-of-Concept (PoC) on GitHub (6 repositories)

Affected products (8)

8 with fix

ProductAffected VersionsFix Status

Gateway Station (GWS): 2.0.0.02.0.0.03.3.0.0

Gateway Station (GWS): 2.1.0.02.1.0.03.3.0.0

Gateway Station (GWS): 2.2.0.02.2.0.03.3.0.0

Gateway Station (GWS): 2.3.0.02.3.0.03.3.0.0

Gateway Station (GWS): 2.4.0.02.4.0.03.3.0.0

Gateway Station (GWS): 3.0.0.03.0.0.03.3.0.0

Gateway Station (GWS): 3.1.0.03.1.0.03.3.0.0

Gateway Station (GWS): 3.2.0.0 and earlier≤ 3.2.0.03.3.0.0

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDConfigure firewalls to restrict network access to Gateway Station from untrusted networks and external sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Gateway Station to version 3.3.0.0 or later

Long-term hardening

0/2

HARDENINGPhysically restrict access to Gateway Station hardware to authorized personnel only

HARDENINGIf using Authentication Service, review whether it is necessary for your deployment (required only for centralized SDM600 user account management)

CVEs (2)

CVE-2020-25692 CVE-2022-0778

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5d392516-0dc7-4bab-b557-f2828dcc4eeb

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.