Hitachi Energy eSOMS

Monitor5.3ICS-CERT ICSA-23-313-02Nov 9, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Hitachi Energy eSOMS versions 6.3.13 and earlier contain information disclosure vulnerabilities (CWE-209, CWE-497) that allow an attacker to disclose sensitive application configuration information, including potentially database credentials and system settings. Successful exploitation does not require authentication or user interaction. The vendor has not yet released a fixed version.

What this means

What could happen

An attacker could read sensitive configuration information from eSOMS, such as database credentials, API keys, or system settings that could enable further attacks on the energy management system.

Who's at risk

Energy utilities and grid operators using Hitachi Energy eSOMS (Energy Monitoring and Operation Management System) for monitoring and managing power distribution, generation, or transmission operations.

How it could be exploited

An attacker on the network can send requests to eSOMS without authentication to trigger error messages or responses that leak sensitive configuration details. This does not require valid credentials or user interaction.

Prerequisites

Network access to eSOMS service (typically port 80/443)
eSOMS version 6.3.13 or earlier running and accessible

remotely exploitableno authentication requiredlow complexityno patch availableinformation disclosure

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (1)

ProductAffected VersionsFix Status

eSOMS: <=6.3.13≤ 6.3.13No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to eSOMS to only authorized administrative networks; block inbound connections from the internet and untrusted networks

WORKAROUNDIf remote access to eSOMS is required, use a VPN or secure jump host and restrict to specific administrative users

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate eSOMS to a patched version when Hitachi Energy releases one

Mitigations - no patch available

0/1

eSOMS: <=6.3.13 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlace eSOMS behind a firewall and isolate it from business/corporate networks

CVEs (3)

CVE-2023-5514 CVE-2023-5515 CVE-2023-5516

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3e3257cd-fc61-4aa7-a726-56672e3bd0fb