Hitachi Energy PROMOD V

Summary

Hitachi Energy is addressing a vulnerability in its PROMOD V product where it uses insecure HTTP transmission instead of HTTPS. This flaw could allow attackers to intercept or modify sensitive data, potentially leading to credential theft or unauthorized access. The affected versions are PROMOD V <= 1.0.10, and a fix involves upgrading and enabling HTTPS on the Digipede server.

IFF Assessment

FOE

The vulnerability allows attackers to intercept or manipulate sensitive data, which is detrimental to defenders.

Severity

7.1 High

The CVSS score of 7.1 (HIGH) is based on the vector string indicating a high attack complexity and impact, specifically the reliance on HTTP instead of HTTPS, which facilitates data interception and manipulation.

Defender Context

This alert highlights a critical infrastructure vulnerability where insecure HTTP transmission is used, posing a risk to sensitive data in the energy sector. Defenders should prioritize patching affected Hitachi Energy PROMOD V systems and ensuring HTTPS is enforced for all communication, especially in OT environments where data integrity is paramount.

Read Full Story →