VDB
ICSA-25-065-01
ICSA-25-065-01
PUBLISHED
CVSS 7.400000095367432 HIGH
Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3 or PCULogger tool. These vulnerabilities if exploited, can cause confidentiality and availability impacts. Refer to the Recommended Immediate Actions for information about the available mitigation/remediation strategies.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PCU400 versions 6.5 K and below | ||
| PCU400 version 6.6.0 | ||
| PCULogger version 1.2.0 | ||
| PCULogger versions 1.1.0 and below | ||
| PCU400 version 9.4.2 | ||
| PCU400 versions 9.4.1 and below |
Timeline
- Feb 25, 2025 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-065-01.json advisory
- https://publisher.hitachienergy.com/preview?DocumentId=8dbd000213&languageCode=en&Preview=true advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-065-01 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url