Hitachi Energy SDM600
ICS-CERT ICSA-24-354-02, Dec 19, 2024
Attack Vector: Adjacent
Auth Required: Low
Complexity: High
User Interaction: Required
Summary
Hitachi Energy SDM600 versions below 1.3.4 contain privilege escalation and unauthorized information access vulnerabilities (CWE-346, CWE-863). The vulnerabilities require local network access, valid user credentials, and user interaction to exploit. Exploitation is not remotely possible and has high attack complexity. Hitachi Energy has released a fix in version 1.3.4.
What this means
What could happen
An attacker with local network access and valid credentials could escalate privileges on the SDM600 device and access sensitive information, potentially gaining unauthorized control over energy management functions.
Who's at risk
Energy utilities operating Hitachi Energy SDM600 devices (version below 1.3.4) should prioritize this update. SDM600 is commonly used for substation monitoring and data management in electric distribution networks, making this relevant to any electric utility or generation facility relying on this equipment for operational visibility.
How it could be exploited
An attacker must first obtain access to the SDM600 device on the local network, then, holding valid credentials, rely on user interaction (for example, induced through social engineering) to trigger the privilege escalation. Once escalated, they gain access to sensitive data and potentially the ability to modify device configurations.
Prerequisites
- Local network access to the SDM600 device (not remotely exploitable)
- Valid user credentials
- User interaction (clicking a link or opening an attachment)
- Complex exploitation conditions (acknowledged high attack complexity)
Key points
- Privilege escalation possible with valid credentials
- Requires user interaction (social engineering vector)
- Affects energy sector control systems
- High attack complexity reduces exploitation likelihood
- Not remotely exploitable
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SDM600  | < 1.3.4           | 1.3.4
Remediation & Mitigation
Do now
HARDENING: Restrict network access to SDM600 devices; do not expose them to the internet, and place them behind firewalls isolated from business networks.
Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
HOTFIX: Update SDM600 to version 1.3.4 (Build Number 1.3.4.574).
Long-term hardening
HARDENING: Use Virtual Private Networks (VPNs) for any required remote access to SDM600 devices; ensure the VPN software is updated to the latest version.
HARDENING: Train staff to recognize and avoid social engineering attacks; do not click unsolicited web links or open attachments in unsolicited email.
CVEs (2)