CISA has published three advisories describing security flaws in three products made by energy solutions provider Hitachi Energy. The vendor published its own advisories for the vulnerabilities in December. The advisories, hosted on ABB’s website, were released just weeks before ABB announced that it had completed the sale of its remaining stake in Hitachi Energy to Hitachi.
One CISA advisory describes five high-severity vulnerabilities in UNEM, a component of Hitachi Energy’s network management system (NMS). The issues are related to encryption and user credentials, and they can be exploited to obtain sensitive information and make malicious modifications to the system. Network access to the targeted system is required for exploitation.
