PatchSiren


CVE-2024-2377 Hitachi Energy CVE debrief

CVE-2024-2377 is a HIGH severity vulnerability (CVSS 3.1 base score 7.6) in Hitachi Energy SDM600, published 2024-04-30. The issue stems from overly permissive HTTP response header configurations in the SDM600 web server, which could allow an attacker to perform privileged actions and access sensitive information. SDM600 versions below 1.3.4 are affected. Hitachi Energy has released version 1.3.4 (Build 1.3.4.574) to address the issue. The CVSS vector (AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H) reflects adjacent network access, high attack complexity, low privileges and required user interaction, with high impact on confidentiality, integrity and availability.

Vendor
Hitachi Energy
Product
SDM600
CVSS
HIGH 7.6
CISA KEV
Not listed in stored evidence
Original CVE published
2024-04-30
Original CVE updated
2024-04-30
Advisory published
2024-04-30
Advisory updated
2024-04-30

Who should care

Organizations operating Hitachi Energy SDM600 in industrial environments, particularly where its web-based management interface is reachable from internal networks. Critical infrastructure operators and energy sector entities that use SDM600 for monitoring and control should prioritize this patch.

Technical summary

The SDM600 web server is configured with overly permissive HTTP response headers. An attacker with adjacent network access and low privileges, who can also obtain a user interaction, may be able to perform privileged operations and extract sensitive information. The stored evidence does not name the specific headers; in this vulnerability class "overly permissive" typically means headers that relax the browser's cross-origin, framing or caching protections, so remediation should be verified against the full header set the web server returns rather than a single header. Attack complexity is high and user interaction is required, but the impact is high on confidentiality, integrity and availability, and the scope change (S:C) means a successful exploit can affect resources beyond the vulnerable web server component. Remediation is the update to version 1.3.4.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade SDM600 to version 1.3.4 (Build 1.3.4.574) or later, which is the vendor fix for the overly permissive HTTP response header configuration.
  • After upgrading, verify the response headers the SDM600 web interface actually returns (cross-origin, framing, content-type sniffing, transport security and caching headers) against vendor guidance and CISA ICS recommended practices; a fix is only effective if the deployed configuration picks it up.
  • Segment the network so that only management hosts share a network segment with the SDM600 web interface, since the attack vector is adjacent (AV:A).
  • Apply defense-in-depth strategies for industrial control systems as outlined in CISA guidance.
  • Monitor SDM600 web server and access logs for privileged actions performed by low-privilege accounts and for unexpected cross-origin requests to the management interface.

Evidence notes

Vulnerability confirmed via CISA CSAF advisory ICSA-24-354-02. Affected product identified as SDM600 versions below 1.3.4. Vendor fix available in version 1.3.4 (Build 1.3.4.574). CVSS vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.
