CISA warns of critical remote code execution flaw in industrial control systems
A critical remote code execution vulnerability has been discovered in Hitachi Energy Relion REB500 devices, potentially allowing attackers to take complete control of affected industrial control systems.
The vulnerability, tracked as CVE-2024-0001, affects all versions of the Relion REB500 protection relay software prior to version 3.1.2. With a CVSS v3.1 base score of 9.8 (Critical), the flaw could enable unauthenticated remote attackers to execute arbitrary code on vulnerable devices.
Technical Details
The vulnerability stems from improper input validation in the device's web interface. Attackers can exploit this by sending specially crafted HTTP requests to port 80, bypassing authentication mechanisms entirely. Once exploited, attackers gain full control over the device, potentially disrupting power grid operations and other critical infrastructure.
Affected Products
- Relion REB500 protection relays (all versions before 3.1.2)
- Devices running on firmware versions prior to the patched release
- Industrial control systems using these relays for power grid protection
Mitigation Steps
Organizations using affected devices should immediately:
- Update to Relion REB500 version 3.1.2 or later
- Apply network segmentation to isolate vulnerable devices
- Implement access controls to restrict unauthorized connections
- Monitor network traffic for suspicious activity on port 80
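The two checks a defender would run first from this list, as an added example that is not part of the advisory or of any Hitachi Energy tooling: compare inventoried firmware against the 3.1.2 fix threshold, and flag allowed port-80 connections to relays that come from outside an assumed engineering subnet. The inventory, relay addresses, subnet and firewall log format are all constructed for the example.

```python
"""Triage helpers for the Relion REB500 advisory: find unpatched devices and
flag port-80 access to them from outside the allow-listed subnet.
Inputs are constructed: an inventory of hostname -> firmware version and
firewall lines like 'src=A.B.C.D dst=E.F.G.H dport=N action=ALLOW'."""
import ipaddress
import re

PATCHED_VERSION = (3, 1, 2)     # first fixed release named in the advisory
WEB_INTERFACE_PORT = 80         # port the advisory says is attacked
# Hypothetical subnet permitted to reach relay web interfaces.
ENGINEERING_SUBNET = ipaddress.ip_network("10.10.50.0/24")
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)")


def parse_version(version: str) -> tuple:
    """Turn '3.1.10' into (3, 1, 10) so 3.1.10 sorts above 3.1.2."""
    return tuple(int(part) for part in version.strip().split("."))


def vulnerable_devices(inventory: dict) -> list:
    """Hostnames whose firmware is older than the patched release."""
    return sorted(host for host, ver in inventory.items()
                  if parse_version(ver) < PATCHED_VERSION)


def suspicious_web_access(log_lines, relay_addresses) -> list:
    """(src, dst) pairs for allowed port-80 connections to a relay that
    originate outside the engineering subnet."""
    relays = {ipaddress.ip_address(a) for a in relay_addresses}
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # ignore lines not in the expected format
        src, dst, dport, action = m.groups()
        if (int(dport) == WEB_INTERFACE_PORT and action == "ALLOW"
                and ipaddress.ip_address(dst) in relays
                and ipaddress.ip_address(src) not in ENGINEERING_SUBNET):
            hits.append((src, dst))
    return hits


# Constructed sample data.
INVENTORY = {"reb500-a": "3.0.4", "reb500-b": "3.1.2", "reb500-c": "3.1.10"}
RELAYS = ["10.10.60.11", "10.10.60.12"]
LOGS = [
    "src=10.10.50.7 dst=10.10.60.11 dport=80 action=ALLOW",   # engineering host
    "src=192.0.2.44 dst=10.10.60.12 dport=80 action=ALLOW",   # outside subnet: flag
    "src=192.0.2.45 dst=10.10.60.12 dport=80 action=DENY",    # already blocked
    "src=192.0.2.46 dst=10.10.60.12 dport=443 action=ALLOW",  # not the web port
]
```

Running `vulnerable_devices(INVENTORY)` returns only `reb500-a`, and `suspicious_web_access(LOGS, RELAYS)` returns the single external connection that the firewall allowed.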
Timeline
- Vulnerability discovered: December 2023
- Patch released: January 15, 2024
- CISA advisory published: February 1, 2024
Impact Assessment
Given the critical nature of industrial control systems in power distribution, successful exploitation could lead to:
- Uncontrolled power grid operations
- Equipment damage from improper relay settings
- Potential cascading failures in electrical infrastructure
- Safety hazards in industrial environments
Recommendations
CISA strongly recommends organizations prioritize patching these devices, as they are often deployed in environments where traditional security measures may be limited. The agency notes that industrial control systems typically have long operational lifespans, making timely patching essential.
For organizations unable to immediately update, implementing compensating controls such as network segmentation and strict access controls is critical until patches can be applied.