HITACHI Energy PCM600 has a vulnerability that affects PCM600 product versions listed in the advisory, with an attacker able to impact the integrity of the product. According to Hitachi Energy, the affected products include PCM600 Legacy versions up to 2.11 and several PCM600 3.0 series releases (3.0, 3.0 HF1, HF2, HF3, and 3.1 series SP1–SP3), all associated with CVE-2018-1002208.
The CVSS v3 base score is 4.4, and the vulnerability is described as an improper limitation of a pathname to a restricted directory (path traversal). Hitachi Energy notes that a vendor fix is planned to update to PCM600 3.1 SP4, and recommends migrating to supported versions (3.x) while following the Cyber Security Deployment Guideline and ensuring no default credentials are in use.
The advisory emphasises that the product is deployed worldwide in the energy sector, and provides remedial actions and acknowledgement that Hitachi Energy reported the vulnerability to CISA. It also urges customers to maintain security practices and firewall configurations to mitigate risk and to contact Hitachi Energy for tailored guidance.