CISA Releases Industrial Control Systems Advisories to Defend Against Cyber Attacks


The Cybersecurity and Infrastructure Security Agency (CISA) released eight new Industrial Control Systems (ICS) advisories. These advisories address pressing security issues, vulnerabilities, and exploits affecting ICS.

ICSA-24-268-01 OPW Fuel Management Systems SiteSentinel

OPW Fuel Management Systems’ SiteSentinel has a critical vulnerability, identified as CVE-2024-8310.

With a CVSS v4 score of 9.3, this vulnerability allows attackers to bypass authentication and gain full administrative privileges remotely, posing significant risks to critical infrastructure sectors such as energy and transportation.

The affected products include SiteSentinel versions before 17Q2.1.

Users are strongly advised to upgrade to version V17Q.2.1 and implement additional security measures, such as using Virtual Private Networks (VPNs) for remote access and conducting comprehensive risk assessments to mitigate potential exploitation.

ICSA-24-268-02 Alisonic Sibylla

CVE-2024-8630 was identified as a critical vulnerability in Alisonic’s Sibylla.

With a CVSS v4 score of 9.3, this SQL injection vulnerability allows remote attackers to access and manipulate the database, potentially obtaining sensitive information or administrator access.

All versions of the Sibylla automated tank gauge are affected, posing risks to transportation systems worldwide. Despite CISA’s coordination attempts, Alisonic has not responded.

Users are advised to contact Alisonic for updates and implement robust security measures, including minimizing network exposure and using VPNs for secure remote access to mitigate potential exploitation.

ICSA-24-268-03 Franklin Fueling Systems TS-550 EVO

Franklin Fueling Systems’ TS-550 EVO Automatic Tank Gauge has a critical vulnerability labeled CVE-2024-8497.

This absolute path traversal vulnerability, with a CVSS v4 score of 8.7, allows remote attackers to gain administrative access by reading files arbitrarily.

Versions before 2.26.4.8967 are affected, posing risks to energy sector infrastructure worldwide.

Users are urged to update to version 2.26.4.8967 and implement security measures such as minimizing network exposure, using firewalls, and employing secure remote access methods like VPNs.

These steps are essential to mitigate the risk of exploitation and protect critical systems.

Multiple critical vulnerabilities in Dover Fueling Solutions’ ProGauge MAGLINK LX CONSOLE present significant security risks.

These vulnerabilities include:

  1. Command Injection (CVE-2024-45066, CVE-2024-43693): These allow attackers to execute arbitrary commands on the system, potentially leading to full system control.
  2. Improper Privilege Management (CVE-2024-45373): This vulnerability enables attackers to escalate privileges, gaining unauthorized access to restricted functions.
  3. Use of Hard-Coded Passwords (CVE-2024-43423): Hard-coded passwords can allow attackers to gain unauthorized access without needing to crack or guess passwords.
  4. Authentication Bypass (CVE-2024-43692): This flaw allows attackers to bypass authentication mechanisms, accessing the system without valid credentials.
  5. Cross-Site Scripting (XSS) (CVE-2024-41725): This vulnerability permits attackers to inject malicious scripts into web pages viewed by other users, potentially stealing session cookies or other sensitive information.

These vulnerabilities have CVSS v4 scores up to 10.0, highlighting their severity.

They affect ProGauge MAGLINK LX CONSOLE versions 3.4.2.2.6 and prior, and LX4 CONSOLE versions 4.17.9e and prior.

Users are strongly urged to update to version 4.19.10 and implement robust security measures, such as firewalls and monitoring updates, to mitigate these risks and protect against potential exploitation.

ICSA-24-268-05 Moxa MXview One

Several vulnerabilities were identified in Moxa’s MXview One and MXview One Central Manager Series, posing significant security risks.

These vulnerabilities include:

  1. Cleartext Storage of Sensitive Information (CVE-2024-6785): This vulnerability involves storing sensitive information in cleartext, which could allow attackers to expose local credentials.
  2. Path Traversal (CVE-2024-6786): This vulnerability enables attackers to write arbitrary files on the system, potentially executing malicious code.
  3. Time-of-Check Time-of-Use (TOCTOU) Race Condition (CVE-2024-6787): This race condition can be exploited to execute unauthorized actions during the time gap between checking a condition and using the result.

These vulnerabilities have a CVSS v4 score of 6.8, indicating a moderate risk level. They affect MXview One Series 1.4.0 and prior and MXview One Central Manager Series 1.0.0.

To mitigate these risks, Moxa advises upgrading to the latest secure versions of their software.

Additionally, they recommend minimizing network exposure, changing default credentials, and implementing firewalls and VPNs to enhance security.

ICSA-24-268-06 OMNTEC Proteus Tank Monitoring

A critical vulnerability was identified in OMNTEC’s Proteus Tank Monitoring system, specifically the OEL8000III Series, labeled as CVE-2024-6981.

With a CVSS v4 score of 9.3, this vulnerability allows remote attackers to perform administrative actions without authentication.

The risk is significant, as exploitation could lead to unauthorized control over critical manufacturing systems deployed worldwide. OMNTEC has not yet responded to coordination requests.

CISA advises users to minimize network exposure, use firewalls, and secure remote access with VPNs.

Organizations should conduct thorough risk assessments and follow best practices for cybersecurity to mitigate potential exploitation risks.

ICSA-24-156-01 Uniview NVR301-04S2-P4 (Update A)

Uniview’s NVR301-04S2-P4 network video recorder was reported to have a cross-site scripting (XSS) vulnerability, identified as CVE-2024-3850.

With a CVSS v4 score of 5.1, this vulnerability allows attackers to execute malicious JavaScript in a user’s browser via a crafted URL.

Both authenticated and unauthenticated pages under the /LAPI/ directory are affected, though the scope is limited due to unavailable session data.

Public exploits are available, increasing the risk. Uniview advises users to update to version NVR-B3801.20.17.240507.

CISA recommends minimizing network exposure, using firewalls, and securing remote access with VPNs to mitigate potential exploitation.

ICSA-19-274-01 Interpeak IPnet TCP/IP Stack (Update E)

This advisory details several critical vulnerabilities affecting various real-time operating systems (RTOS) from vendors like ENEA, Green Hills Software, ITRON, IP Infusion, and Wind River.

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers and include:

  1. Stack-based Buffer Overflow (CWE-121) – CVE-2019-12256: This vulnerability can be triggered by IPv4 packets with invalid options, potentially leading to remote code execution.
  2. Heap-based Buffer Overflow (CWE-122) – CVE-2019-12257: Occurs during the DHCP process, allowing heap memory overwriting and potential remote code execution.
  3. Integer Underflow (CWE-191) – CVE-2019-12255: Allows attackers to exploit TCP sessions, leading to buffer overflow and remote code execution.
  4. Improper Restriction of Operations within Memory Bounds (CWE-119) – CVE-2019-12260 and CVE-2019-12261: These can cause buffer overflows during network operations.
  5. Race Condition (CWE-362) – CVE-2019-12263: Involves concurrent execution issues that are hard to exploit but can lead to system crashes.
  6. Argument Injection (CWE-88) – CVE-2019-12258, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265: These allow attackers to inject invalid segments or manipulate network sessions.
  7. NULL Pointer Dereference (CWE-476) – CVE-2019-12259: This can be exploited to crash network tasks by misassigning multicast IP addresses.

These vulnerabilities pose significant risks, including remote code execution and denial of service, affecting critical infrastructure sectors worldwide.

Users should contact vendors for specific patches and follow their advisories for mitigating controls.
