OTPulse

Hitachi Energy PCU400

Act Now · CVSS 7.5 · ICS-CERT ICSA-25-065-01 · Mar 6, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

OpenSSL-based vulnerabilities in Hitachi Energy PCU400 and PCULogger could allow remote attackers to decrypt IEC62351-3-secured IEC104/DNP3 protocol communications, access sensitive operational data, or cause denial-of-service through memory corruption. The vulnerabilities exist in cryptographic implementations and data handling when IEC104/DNP3 secure mode is enabled. Affected versions: PCU400 6.5_K and below, PCU400 9.4.1 and below, PCULogger 1.1.0 and below.

What this means
What could happen
An attacker with network access could decrypt sensitive IEC104/DNP3 communications protected by IEC62351-3, access confidential data, or crash the PCU400 device, disrupting power flow monitoring and control operations.
Who's at risk
Energy utilities and manufacturing facilities operating Hitachi Energy PCU400 power control units, especially those using IEC62351-3 secure protocol for remote terminal unit (RTU) communications. Any organization relying on PCU400 for SCADA data collection and power system monitoring should assess their deployment.
How it could be exploited
An attacker on the network could intercept and decrypt IEC62351-3-secured IEC104 or DNP3 protocol traffic to the PCU400, extract sensitive operational data, or send malformed protocol messages that cause memory corruption and crash the device application, triggering a denial-of-service.
Prerequisites
  • Network access to PCU400 device on ports used for IEC104 (port 2404) or DNP3 (port 20000 typical)
  • Device must be configured to use IEC62351-3 secure protocol for IEC104/DNP3 communications
  • No authentication required to exploit the cryptographic weakness
  • remotely exploitable
  • high CVSS score (7.5)
  • high EPSS score (88.5%)
  • no authentication required
  • affects critical power grid monitoring and control
  • memory corruption vulnerabilities (type confusion, buffer overflow, use-after-free)
Exploitability
High exploit probability (EPSS 88.5%)
Affected products (3)
3 with fix
Product     Affected Versions   Fix Status
PCU400      ≤ 6.5 K             6.6.0
PCU400      ≤ 9.4.1             6.6.0
PCULogger   ≤ 1.1.0             1.2.0
Remediation & Mitigation
Do now
PCU400
WORKAROUND: Implement firewall rules to restrict network access to PCU400 devices, limiting connections to authorized control engineering networks only
All products
WORKAROUND: Disable IEC104/DNP3 protocol features if not required for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

PCU400
HOTFIX: Update PCU400 version 6.5_K or below to version 6.6.0 or later
HOTFIX: Update PCU400 version 9.4.1 or below to version 9.4.2 or later
PCULogger
HOTFIX: Update PCULogger version 1.1.0 or below to version 1.2.0 when available
Long-term hardening
PCU400
HARDENING: Prohibit direct Internet connections or USB/removable media use on PCU400 systems without malware scanning
All products
HARDENING: Implement network segmentation to isolate process control network from corporate network and external connections
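
One way to check that the firewall workaround is effective, as an added example that is not part of the advisory or Hitachi Energy's tooling: the script audits flow records for permitted connections to PCU400 devices on the IEC104 and DNP3 ports from outside the authorized control networks. The host addresses, network ranges, log format and sample records are constructed assumptions.

```python
import ipaddress

# Ports named in the advisory's prerequisites: IEC104 (2404) and DNP3 (20000 typical).
PCU_PORTS = {2404: "IEC104", 20000: "DNP3"}

# Assumptions (constructed for this example): PCU400 addresses and the
# authorized control engineering networks. Replace with site values.
PCU400_HOSTS = {ipaddress.ip_address("10.20.0.10"), ipaddress.ip_address("10.20.0.11")}
AUTHORIZED_NETS = [ipaddress.ip_network("10.20.0.0/24"), ipaddress.ip_network("10.21.5.0/28")]

# Constructed sample flow records: "src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
10.20.0.50 10.20.0.10 2404 ACCEPT
10.21.5.3 10.20.0.11 20000 ACCEPT
192.168.40.7 10.20.0.10 2404 ACCEPT
203.0.113.9 10.20.0.11 20000 DROP
10.30.1.4 10.20.0.10 443 ACCEPT
not a flow line
172.16.8.2 10.20.0.11 20000 ACCEPT
"""

def audit_flows(text):
    """Return (findings, skipped): accepted flows to PCU400 protocol ports from
    sources outside the authorized networks, and the count of unparsable lines."""
    findings, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            port, action = int(parts[2]), parts[3].upper()
        except (IndexError, ValueError):
            skipped += 1  # malformed record: count it instead of silently dropping it
            continue
        if dst not in PCU400_HOSTS or port not in PCU_PORTS:
            continue  # not IEC104/DNP3 traffic to a PCU400
        if action != "ACCEPT":
            continue  # already blocked by the firewall
        if any(src in net for net in AUTHORIZED_NETS):
            continue  # source is an authorized control engineering network
        findings.append((str(src), str(dst), PCU_PORTS[port]))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = audit_flows(SAMPLE_FLOWS)
    for src, dst, proto in hits:
        print(f"unauthorized {proto} flow permitted: {src} -> {dst}")
    print(f"{len(hits)} finding(s), {bad} unparsable line(s)")
```

Any finding means a firewall rule still permits IEC104 or DNP3 traffic to a PCU400 from a source that should be blocked.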