Hitachi Energy Relion REB500 Product
Summary
Hitachi Energy has identified vulnerabilities in its Relion REB500 product affecting authenticated users with specific roles. These flaws allow unauthorized access and modification of directory contents. A vendor fix is available, and a mitigation strategy involves disabling the Installer role when not performing firmware updates.
IFF Assessment
The vulnerabilities disclosed allow authenticated users to perform unauthorized actions, posing a risk to the integrity of the affected industrial control system.
Severity
Defender Context
This alert highlights the importance of patching and implementing vendor-recommended mitigations for industrial control systems, particularly in the energy sector. Defenders should pay close attention to access controls and user roles within critical infrastructure devices to prevent privilege escalation and unauthorized data modification.