Hitachi Energy’s Asset Suite 9 has been flagged for an Improper Authentication vulnerability that could allow an attacker to exploit an authentication anomaly to invoke REST services, resulting in unauthorized access to and invocation of those services. Affected versions are those preceding 9.6.3.13 and 9.6.4.1; users should update immediately to the versions recommended by Hitachi Energy to mitigate the vulnerability.
The vulnerability, tracked as CVE-2024-2244 with a CVSS v4 base score of 6.9, poses a significant risk if exploited. Hitachi Energy promptly reported the issue to CISA and urges users to apply the mitigations available in versions 9.6.3.13 and 9.6.4.1. CISA also recommends defensive strategies to reduce risk, including minimizing network exposure and using secure remote access methods such as VPNs, and advises conducting rigorous impact and risk assessments before implementing defensive measures.
CISA reminds organizations to assess the security of their control systems, adopt the best practices detailed in relevant resources, and remain proactive in safeguarding their assets against cyber threats. No public exploitation specifically targeting this vulnerability has been reported, but organizations are advised to stay vigilant, apply the recommended cybersecurity strategies, and report any suspected malicious activity to CISA for evaluation and tracking.