CISA Issues New Advisory for Industrial Control Systems


The Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory concerning a critical vulnerability in industrial control systems (ICS). 

The advisory, issued on June 18, 2024, highlights a significant security flaw in RAD Data Communications’ SecFlow-2 devices, which could be exploited remotely with low attack complexity.

The vulnerability, CVE-2019-6268, has been assigned a CVSS v4 base score of 8.7, indicating a high severity level. Public exploits for this vulnerability are available, making it a pressing concern for organizations using the affected equipment.

Successful exploitation of this path traversal vulnerability could allow an attacker to obtain sensitive files from the operating system by crafting a special request. 

This could potentially lead to unauthorized access to critical information and systems.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot

CISA Issues New Advisory

The vulnerability affects all versions of the following RAD Data Communications product:

CVE-2019-6268 – Vulnerability Overview

The path traversal vulnerability (CWE-29) in RAD SecFlow-2 devices allows URIs for directory traversal. 

This flaw can be exploited to read sensitive files. The CVSS v3.1 base score for this vulnerability is 7.5, with a vector string of (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

  • Critical Infrastructure Sectors: Communications
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Israel

CISA discovered a Proof of Concept (PoC) and reported it to RAD Data Communications.

Mitigations

RAD Data Communications has indicated that the SecFlow-2 product line is End-Of-Life (EOL) and recommends upgrading to the more secure RAD SecFlow-1p product line. 

CISA advises users to take the following defensive measures to minimize the risk of exploitation:

  • Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • Use secure methods, such as Virtual Private Networks (VPNs), for remote access, ensuring VPNs are updated to the most current version available.

CISA also emphasizes the importance of performing proper impact analysis and risk assessment before deploying defensive measures. 

Additional mitigation guidance and recommended practices are available on the ICS webpage at cisa.gov/ics.Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. 

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free



Source link