CISA Releases Eight New ICS Advisories to Defend Against Cyber Attacks


The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight advisories describing vulnerabilities in Industrial Control Systems (ICS) products.

These vulnerabilities impact critical software and hardware across various industries, posing risks of service disruption, unauthorized access, and malicious code execution.

The following are the key vulnerabilities, their associated Common Vulnerabilities and Exposures (CVEs), and mitigation recommendations.


1. Hitachi Energy SDM600: Privilege Escalation and Information Disclosure

The Hitachi Energy SDM600 platform is vulnerable to two significant flaws: Origin Validation Error and Incorrect Authorization.

The Origin Validation Error, identified as CVE-2024-2377, stems from an overly permissive HTTP response header configuration that could allow an attacker to perform privileged actions and read sensitive data.


The Incorrect Authorization issue, tracked as CVE-2024-2378, stems from weaknesses in the platform's authorization checks and allows privilege escalation.

These vulnerabilities carry CVSS v3 scores of 7.6 and 8.0, respectively, both in the High range. Upgrading SDM600 to version 1.3.4 or later addresses both issues.
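The advisory summary above does not name the permissive header, so the following is an added example, not code from Hitachi Energy or CISA, that assumes the common case: a CORS policy whose origin check is too loose. It contrasts a substring-style allow-list match (the kind of check that yields an Origin Validation Error) with an exact-match check, builds the hardened response headers from that check, and audits a captured response for the combinations that let a foreign site read a victim's authenticated data. The origins, allow-list and response headers are constructed for the example; the hostnames are hypothetical.

```python
"""Origin validation: a weak allow-list check beside a strict one, plus a CORS header audit.

Added example; not the vendor's or CISA's code. Assumes the permissive header is a
CORS header (Access-Control-Allow-Origin) and uses constructed, hypothetical hosts.
"""
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed allow-list: origins permitted to make credentialed cross-origin
# requests to a hypothetical management API.
TRUSTED_ORIGINS = {"https://hmi.example.internal", "https://ops.example.internal:8443"}


def naive_origin_allowed(origin: str) -> bool:
    """Weak check: substring match on the trusted hostname.

    'https://hmi.example.internal.attacker.net' passes because the trusted host
    string appears inside the attacker-controlled origin.
    """
    return any(urlsplit(t).hostname in origin for t in TRUSTED_ORIGINS)


def strict_origin_allowed(origin: str) -> bool:
    """Strict check: the whole scheme://host[:port] tuple must match an allow-list entry."""
    parts = urlsplit(origin)
    try:
        port = parts.port
    except ValueError:  # malformed port such as 'https://h:abc'
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return False
    norm = f"{parts.scheme}://{parts.hostname}"  # .hostname is already lower-cased
    if port is not None and port != 443:
        norm += f":{port}"
    return norm in TRUSTED_ORIGINS


def cors_response_headers(origin: Optional[str]) -> Dict[str, str]:
    """Hardened server side: echo an origin only on an exact allow-list match.

    Never '*' together with credentials; 'Vary: Origin' keeps caches from
    serving one origin's policy to another.
    """
    headers = {"Vary": "Origin"}
    if origin and strict_origin_allowed(origin):
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def audit_cors(request_origin: str, response_headers: Dict[str, str]) -> List[str]:
    """Flag header combinations that let an untrusted origin read responses."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings: List[str] = []
    if acao is None:
        return findings  # no CORS grant: browsers block cross-origin reads
    if acao == "*":
        findings.append("wildcard ACAO: any site can read unauthenticated responses")
    elif acao == "null":
        findings.append("ACAO 'null': sandboxed frames and data: URLs can read responses")
        if creds:
            findings.append("credentials allowed: authenticated responses are readable")
    elif acao == request_origin and not strict_origin_allowed(request_origin):
        findings.append(f"untrusted origin reflected: {request_origin}")
        if creds:
            findings.append("credentials allowed: the attacking page reads the victim's session data")
    return findings


if __name__ == "__main__":
    attacker = "https://hmi.example.internal.attacker.net"
    print("naive check accepts attacker origin:", naive_origin_allowed(attacker))
    print("strict check accepts attacker origin:", strict_origin_allowed(attacker))
    # Constructed response from a server that reflects whatever Origin it receives.
    leaky = {"Access-Control-Allow-Origin": attacker, "Access-Control-Allow-Credentials": "true"}
    for f in audit_cors(attacker, leaky):
        print("finding:", f)
    print("hardened headers for attacker origin:", cors_response_headers(attacker))
```

Run against a real target, the audit function would be fed the headers of a response to a request carrying a test `Origin` value such as the attacker-style host above; a reflected `Access-Control-Allow-Origin` plus `Access-Control-Allow-Credentials: true` is the combination that turns a browsing victim's authenticated session into the attacker's read channel.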

2. Hitachi Energy RTU500 Series CMU: Buffer Overflow Vulnerability

Hitachi Energy’s RTU500 series CMU firmware is affected by a Buffer Overflow vulnerability, identified as CVE-2023-6711.

Improper validation of input data in the SCI and HCI IEC 60870-5-104 components allows an attacker who can send maliciously crafted messages to trigger a denial-of-service condition.

The vulnerability has a CVSS v3 score of 5.9. Users are advised to update their firmware to the latest versions to mitigate this potential attack vector.

3. Delta Electronics DTM Soft: Arbitrary Code Execution

Delta Electronics’ DTM Soft, versions 1.30 and earlier, is vulnerable to a Deserialization of Untrusted Data flaw identified as CVE-2024-12677.

An attacker who can get the software to deserialize attacker-controlled data can execute arbitrary code.

It carries a CVSS v3 score of 7.8 and a CVSS v4 score of 8.5, reflecting high severity and low attack complexity. Users should upgrade to the latest version of DTM Soft to protect their systems.

4. Siemens User Management Component: Remote Code Execution

Siemens products, including SIMATIC PCS neo and TIA Portal, are vulnerable to a Heap-Based Buffer Overflow, identified as CVE-2024-49775.

This flaw allows unauthenticated attackers to execute arbitrary code remotely, posing severe risks to critical infrastructure.

With a CVSS v3 score of 9.8 and a CVSS v4 score of 9.3, this is the most severe vulnerability in this set of advisories. Siemens advises all users to apply the latest patches available through Siemens ProductCERT.

5. Tibbo AggreGate Network Manager: File Upload Exploitation

Tibbo’s AggreGate Network Manager is impacted by an Unrestricted File Upload vulnerability, tracked as CVE-2024-12700.

An attacker with low privileges can upload and execute malicious files, such as JSP shells, with the same level of permissions as the web server. This flaw has a CVSS v3 score of 8.8 and a CVSS v4 score of 8.7.

Organizations using AggreGate should update to version 6.34.03 or later as soon as possible.

6. Schneider Electric Accutech Manager: System Crash Vulnerability

Schneider Electric’s Accutech Manager, a telemetry system used in industrial environments, is vulnerable to a Classic Buffer Overflow, identified as CVE-2024-6918.

This vulnerability can be triggered remotely over port 2536/TCP and causes the application to crash, disrupting operations.

With a CVSS v3 score of 7.5, this high-severity issue calls for prompt application of the vendor's update and for restricting network access to the affected service to trusted hosts.

7. Schneider Electric Modicon Controllers: Cross-Site Scripting

The Modicon Controllers used in industrial automation are vulnerable to Cross-Site Scripting (XSS), tracked as CVE-2024-6528.

This vulnerability lets an attacker inject malicious JavaScript into pages served by the controller; the script then runs in the browser of a user who views the page, enabling actions within that user's session.

The CVSS score for this vulnerability is 5.4, indicating medium severity. Users should update to the latest Modicon Controller firmware to remediate the issue.

8. Ossur Mobile Logic Application: Multiple Vulnerabilities

Ossur’s Mobile Logic Application is affected by three vulnerabilities: Exposure of Sensitive System Information (CVE-2024-53683), Command Injection (CVE-2024-54681), and Use of Hard-Coded Credentials (CVE-2024-45832).

These flaws could allow attackers to gain unauthorized access, inject malicious commands, and compromise data integrity. Individually their CVSS scores range from 2.0 to 5.6, but chained together they pose a significant risk.

Ossur recommends upgrading to version 1.5.5 or later to resolve these vulnerabilities effectively.

The new advisories from CISA serve as an urgent reminder of the vulnerabilities facing Industrial Control Systems.

Exploits targeting ICS can lead to severe consequences, including operational disruption, financial losses, and safety hazards.

Organizations operating affected systems should prioritize applying vendor-released updates, strengthen network segmentation, and employ vigilant system monitoring to detect potential attacks.

