Hitachi Energy MSM

Plan PatchCVSS 8.6ICS-CERT ICSA-24-319-16Nov 14, 2024

Hitachi EnergyEnergy

Summary

Hitachi Energy MSM contains vulnerabilities (CWE-772 resource leaks, CWE-835 infinite loops) that could allow an attacker to impact confidentiality, integrity, or availability of the system. MSM is a monitoring and management platform for energy infrastructure. The vulnerabilities affect versions 2.2.8 and earlier. No patch is currently available from Hitachi Energy.

What this means

What could happen

An attacker with network access to MSM could trigger resource exhaustion or system hangs, potentially causing the monitoring system to become unavailable and preventing visibility into critical energy infrastructure operations.

Who's at risk

Energy sector organizations operating Hitachi Energy MSM systems for monitoring and controlling power generation, transmission, and distribution equipment should take action. This includes utilities using MSM for SCADA monitoring, grid management, and real-time system visibility.

How it could be exploited

An attacker with network access to the MSM server could send malformed requests that trigger resource leaks or infinite loops in the application, causing the system to exhaust memory or CPU and become unresponsive. Exploitation does not appear to require authentication based on the advisory details.

Prerequisites

Network access to MSM (not protected by firewall)
No authentication required based on vulnerability classification

remotely exploitableno authentication requiredno patch availableaffects critical infrastructure monitoring

Exploitability

Some exploitation risk — EPSS score 7.3%

Affected products (1)

ProductAffected VersionsFix Status

MSM: <=2.2.8≤ 2.2.8No fix (EOL)

Remediation & Mitigation

0/7

Do now

0/4

WORKAROUNDDisconnect MSM from any internet-facing networks immediately

HARDENINGImplement firewall rules to restrict network access to MSM to only authorized personnel and systems

HARDENINGDisable direct internet connectivity to MSM and require connections through a secure jump server or VPN

HARDENINGEnable and maintain OS-level user access controls on all computers running MSM Client to prevent unauthorized command execution

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGApply CIS Microsoft Windows Desktop and Server Benchmarks hardening guidelines to all systems hosting or accessing MSM

HARDENINGDeploy and maintain current antivirus protection with latest signature rules on all computers running MSM Client

HOTFIXMonitor for a patch from Hitachi Energy and apply immediately when available

CVEs (2)

CVE-2024-2398 CVE-2019-5097

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a86ac901-5856-4d9a-b107-f3133c501eac

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.