Hitachi Energy MSM

Plan Patch8.6ICS-CERT ICSA-24-319-16Nov 14, 2024

Summary

Hitachi Energy MSM versions 2.2.8 and earlier contain resource leak (CWE-772) and infinite loop (CWE-835) vulnerabilities that could allow an attacker with network access to impact confidentiality, integrity, or availability of the monitoring system. MSM is not designed for direct internet exposure. Exploitation could occur via direct network access if MSM is internet-facing, or via a compromised workstation running the MSM Client application on the same network.

What this means

What could happen

An attacker with access to the MSM system could read sensitive data, modify system configurations or operating parameters, or disrupt power system monitoring and management functions that operators rely on.

Who's at risk

Energy utilities and operators who rely on Hitachi Energy's MSM (Monitoring, Supervision, and Management) system for power grid monitoring and control. This affects anyone running MSM version 2.2.8 or earlier, whether in a control center, engineering office, or field operations facility.

How it could be exploited

An attacker would need to reach the MSM system from the network—either directly if it is exposed to the internet (against design intent) or via an infected workstation running the MSM Client application. Once they have access, they could exploit CWE-772 (resource leak) or CWE-835 (infinite loop) to achieve code execution or denial of service on the monitoring system.

Prerequisites

Network access to the MSM system or a workstation running MSM Client
MSM version 2.2.8 or earlier deployed
MSM system exposed to untrusted network or compromised client workstation in same network segment

remotely exploitable if MSM exposed to network or Client is on compromised systemaffects monitoring and control systems in energy sectorno patch currently availableresource leak and infinite loop vulnerabilities could enable denial of servicelikely requires network access but complexity is moderate

Exploitability

Moderate exploit probability (EPSS 4.9%)

Affected products (1)

ProductAffected VersionsFix Status

MSM: <=2.2.8≤ 2.2.8No fix (EOL)

Remediation & Mitigation

0/8

Do now

0/2

HARDENINGDisconnect MSM from any internet-facing networks immediately; MSM is not intended for direct internet exposure

WORKAROUNDImplement OS-level user access controls on all computers running MSM Client to limit who can execute commands in the application

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

HOTFIXApply the vendor update as soon as Hitachi Energy releases it; test in a maintenance window before deploying to production

HARDENINGDeploy and keep current antivirus with latest signature rules on all systems running MSM Client

HARDENINGRestrict use of computers with MSM Client to business purposes only—no web browsing, email, or instant messaging to reduce infection vectors

HARDENINGScan all portable computers and removable media for malware before connecting to the network with MSM systems

Mitigations - no patch available

0/2

MSM: <=2.2.8 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGApply CIS Benchmarks (Windows Desktop or Server) to harden the operating systems of computers connected to MSM

HARDENINGSegment the network: place MSM and its client workstations behind a firewall with minimal exposed ports; do not allow direct internet connections

CVEs (2)

CVE-2024-2398 CVE-2019-5097

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a86ac901-5856-4d9a-b107-f3133c501eac