OTPulse

Hitachi Energy’s AFS65x, AFS67x, AFR67x and AFF66x Products

Plan Patch · 8.1 · ICS-CERT ICSA-23-143-01 · May 31, 2023
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

A use-after-free vulnerability (CWE-416) exists in Hitachi Energy AFS and AFR frequency drives. Successful exploitation allows an attacker to disclose sensitive information such as configuration data or cause a denial-of-service by crashing the device. The vulnerability requires network access but no authentication. Affected products include AFS65x, AFS660/665S, AFS660/665C, AFS670v2, AFS670/675, AFR67x, and AFF660/665.

What this means
What could happen
An attacker with network access could exploit a use-after-free memory vulnerability to read sensitive configuration data from these frequency drives or cause them to stop responding, disrupting power generation or distribution operations.
Who's at risk
This impacts electrical utilities and energy generation facilities using Hitachi Energy frequency drive products (AFS and AFR series) in motor control and power conversion applications. Operators of AFS65x (end-of-life), AFS660/665, AFS670, AFR67x, and AFF660/665 models should assess their inventory and network connectivity to these devices.
How it could be exploited
An attacker on the network sends a specially crafted request to the vulnerable frequency drive. The use-after-free flaw (CWE-416) allows the attacker to read freed memory containing sensitive data, or crash the device by accessing memory that has already been deallocated. No authentication is required, and the attack complexity is moderate (requires specific network conditions or payload construction).
Prerequisites
  • Network access to the frequency drive's management interface (likely port 502 or web management port)
  • No credentials required for exploitation
remotely exploitable · no authentication required · affects power generation and distribution systems · no patch available for some product lines · use-after-free memory vulnerability (CWE-416)
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (7)
2 with fix · 4 pending · 1 EOL
Product | Affected Versions | Fix Status
AFS660/665S | ≤ 7.1.05 | No fix yet
AFS660/665C | ≤ 7.1.05 | No fix yet
AFS670v2 | ≤ 7.1.05 | No fix yet
AFS670/675 | ≤ 9.1.07 | 9.1.08
AFR67x | ≤ 9.1.07 | 9.1.08
AFF660/665 | ≤ 03.0.02 | No fix yet
AFS65x | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Apply network segmentation to restrict access to the frequency drives from the corporate network; only allow engineering workstations and SCADA systems that need direct communication with these devices
  • WORKAROUND: For AFS65x end-of-life devices, implement firewall rules to block untrusted access to the device management interfaces
Schedule — requires maintenance window

Patching may require device reboot; plan for process interruption

  • HOTFIX: Update AFS670/675 and AFR67x devices to firmware version 9.1.08 or later
  • HOTFIX: Update AFS660/665S, AFS660/665C, and AFS670v2 to version 7.1.08 when released by Hitachi Energy
  • HOTFIX: For AFF660/665 devices, update to the upcoming release when available