Hitachi Energy PCU400

Act Now | CVSS 7.5 | ICS-CERT ICSA-25-065-01 | Mar 6, 2025
Hitachi Energy | Energy | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Hitachi Energy PCU400 and PCULogger contain OpenSSL vulnerabilities (CWE-843, CWE-476, CWE-416, CWE-415, CWE-203, CWE-125) that could allow an attacker with network access to decrypt sensitive data in IEC62351-3 secure communications, crash the device application, or cause denial of service. Affected versions: PCU400 6.5_K and below, PCU400 9.4.1 and below, and PCULogger 1.1.0 and below. The vulnerability exists in the implementation of IEC104/DNP3 secure protocol with IEC62351-3 encryption.

What this means
What could happen
An attacker with network access to a PCU400 could decrypt sensitive IEC104/DNP3 protocol data, crash the device, or deny service to process control operations relying on the device for monitoring and control.
Who's at risk
Power system operators and manufacturing facilities using Hitachi Energy PCU400 devices for power control and monitoring should prioritize this issue, especially if they rely on IEC62351-3 secure protocol for energy management SCADA communications or real-time process control.
How it could be exploited
An attacker on the network containing the PCU400 could send specially crafted packets to exploit OpenSSL vulnerabilities in the IEC62351-3 secure protocol implementation. By causing memory errors or type confusion, the attacker could read unencrypted data or crash the device, disrupting control communications.
Prerequisites
  • Network access to the PCU400 device port running IEC104/DNP3 with IEC62351-3 security enabled
  • The device must be running a vulnerable firmware version (PCU400 6.5_K or below, or PCU400 9.4.1 or below)
remotely exploitable | high EPSS score (88.5%) | affects industrial control communications protocol | affects safety-critical energy infrastructure
Exploitability
Likely to be exploited — EPSS score 88.4%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (3)
3 with fix
Product      Affected Versions   Fix Status
PCU400       ≤ 6.5 K             6.6.0
PCU400       ≤ 9.4.1             6.6.0
PCULogger    ≤ 1.1.0             1.2.0
Remediation & Mitigation
Do now
PCU400
WORKAROUND: Implement firewall rules to restrict network access to PCU400 IEC104/DNP3 ports to only authorized control networks and SCADA systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

PCU400
HOTFIX: Update PCU400 to firmware version 6.6.0 or later if running version 6.5_K or below and using IEC62351-3 secure IEC104/DNP3
HOTFIX: Update PCU400 to firmware version 9.4.2 or later if running version 9.4.1 or below and using IEC62351-3 secure IEC104/DNP3
PCULogger
HOTFIX: Update PCULogger to version 1.2.0 or later if using PCULogger version 1.1.0 or below
Long-term hardening
PCU400
HARDENING: Ensure PCU400 devices have no direct Internet connectivity and are not used for general-purpose computing activities
All products
HARDENING: Segment the process control network from untrusted networks (corporate IT, Internet) using a firewall with minimal exposed ports