CVE-2022-2513: CWE-312 Cleartext Storage of Sensitive Information in Hitachi Energy PCM600

Severity: High
Type: Vulnerability
Tags: cve, cve-2022-2513, cwe-312
Published: Tue Nov 22 2022 (11/22/2022, 10:30:34 UTC)
Source: CVE
Vendor/Project: Hitachi Energy
Product: PCM600

Description

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product, in the versions listed below, where IED credentials are stored in cleartext in the PCM600 database and log files. An attacker who gains access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, rebooting the IEDs, or causing a denial-of-service on the IEDs.

AI-Powered Analysis

Last updated: 06/25/2025, 17:07:38 UTC

Technical Analysis

CVE-2022-2513 is a high-severity vulnerability affecting Hitachi Energy's PCM600 product, specifically version 2.6. PCM600 is a software tool used for configuring and managing Intelligent Electronic Devices (IEDs) commonly deployed in electrical substations and critical energy infrastructure. The vulnerability arises from the cleartext storage of sensitive IED credentials within the PCM600 database and log files. This improper handling of credentials corresponds to CWE-312, which concerns cleartext storage of sensitive information. An attacker who gains access to an exported backup file of PCM600 can extract the IED credentials without needing any authentication or user interaction. Furthermore, an attacker with administrator-level access to the PCM600 host machine can analyze database log files to retrieve additional user credentials. These credentials can then be leveraged to perform unauthorized actions on the IEDs, such as loading malicious or incorrect configurations, rebooting devices, or causing denial-of-service conditions. The CVSS 3.1 base score is 7.1, indicating a high severity level, with an attack vector of local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C). The impact is primarily on confidentiality (C:H), with no direct impact on integrity or availability according to the CVSS vector, though the described potential actions on IEDs imply possible indirect impacts on availability and integrity. No known exploits in the wild have been reported to date, and no patches are currently linked, indicating that mitigation may rely on access control and operational security measures until a fix is available. The vulnerability is critical in environments where PCM600 is used to manage vital energy infrastructure, as compromised credentials could lead to operational disruptions or safety hazards.

Potential Impact

For European organizations, particularly those operating electrical substations and critical energy infrastructure, this vulnerability poses a significant risk. Hitachi Energy's PCM600 is widely used in the power sector across Europe for managing IEDs that control protection, automation, and monitoring functions. Unauthorized access to IED credentials could allow attackers to manipulate device configurations, potentially leading to incorrect protection settings, unintended device reboots, or denial-of-service conditions. Such disruptions can cause power outages, damage to equipment, or safety incidents affecting grid stability and reliability. The confidentiality breach of credentials also raises concerns about insider threats or lateral movement within networks if attackers escalate privileges. Given the strategic importance of energy infrastructure in Europe, exploitation could have cascading effects on other critical sectors dependent on stable power supply. The local attack vector means that attackers need some level of access to the PCM600 host or exported backup files, which may be obtained through insider threats, compromised administrative accounts, or insufficiently secured backup storage. The lack of user interaction required increases the risk once access is gained. Overall, the vulnerability could undermine operational integrity and availability of energy systems, with potential economic and safety consequences.

Mitigation Recommendations

1. Restrict access to PCM600 host machines strictly to authorized personnel only, enforcing strong authentication and role-based access controls to minimize risk of local compromise.
2. Secure backup files containing PCM600 data by encrypting them at rest and in transit, and limit access to these backups to trusted administrators.
3. Implement strict monitoring and auditing of access to PCM600 systems and backup files to detect unauthorized access attempts promptly.
4. Use host-based security controls such as disk encryption and endpoint detection and response (EDR) solutions to prevent unauthorized local access or credential harvesting.
5. Regularly review and rotate IED credentials and administrative passwords to limit exposure time if credentials are compromised.
6. Isolate PCM600 management systems from broader corporate networks using network segmentation and firewalls to reduce attack surface.
7. Until an official patch is released, consider deploying compensating controls such as application whitelisting and restricting export functionality to trusted users only.
8. Educate operational technology (OT) staff about the risks of exporting backup files and the importance of secure handling of sensitive data.
9. Engage with Hitachi Energy support channels to obtain updates on patches or mitigations and plan timely deployment once available.

Technical Details

Data Version: 5.1
Assigner Short Name: Hitachi Energy
Date Reserved: 2022-07-22T13:30:13.171Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983ac4522896dcbed07a

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 6/25/2025, 5:07:38 PM

Last updated: 8/9/2025, 9:58:59 PM
