CISA Releases Multiple ICS Advisories Detailing Exploits & Vulnerabilities

   December 6, 2024  Posted in CyberSecurityNews


The Cybersecurity and Infrastructure Security Agency (CISA) issued two critical Industrial Control Systems (ICS) advisories on December 5, 2024.

With these advisories the Cybersecurity and Infrastructure Security Agency (CISA) shedding light on current security issues, vulnerabilities, and exploits in ICS environments.

These advisories are:-

  • ICSA-24-340-01
  • ICSA-24-340-02

Experts at the CISA discovered that the advisories are mainly focus on “AutomationDirect C-More EA9 Programming Software” and “Planet Technology Planet WGS-804HPT,” respectively.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

AutomationDirect C-More EA9 Programming Software

The C-More EA9 Programming Software, versions 6.78 and prior, are affected by multiple stack-based buffer overflow vulnerabilities. These vulnerabilities, identified as CVE-2024-11609, CVE-2024-11610, and CVE-2024-11611, all carry a CVSS v4 base score of 8.4, indicating a high severity level.

Successful exploitation of these vulnerabilities could lead to:-

The vulnerabilities stem from improper handling of input files, allowing attackers to execute arbitrary code remotely.

AutomationDirect recommends updating C-MORE EA9 HMI to version 6.79. If immediate updates are not feasible, several interim measures are suggested:-

  • Isolating engineering workstations
  • Implementing strict access controls
  • Applying application whitelisting
  • Enhancing endpoint security
  • Monitoring and logging system activities
  • Hardening workstations
  • Conducting regular risk assessments

Planet Technology Planet WGS-804HPT

The Planet WGS-804HPT industrial switch, version v1.305b210531, is affected by three critical vulnerabilities:-

  1. Stack-based Buffer Overflow (CVE-2024-48871)
  2. OS Command Injection (CVE-2024-52320)
  3. Integer Underflow (CVE-2024-52558)

The first two vulnerabilities have a CVSS v4 base score of 9.3, while the integer underflow vulnerability has a score of 6.9.

These vulnerabilities could allow unauthenticated attackers to:-

  • Execute remote code
  • Inject malicious commands
  • Crash the system

The vulnerabilities are exploitable through malformed HTTP requests, posing a significant risk to affected systems.

Planet Technology recommends upgrading to version 1.305b241111 or later. CISA also advises users to:-

  • Minimize network exposure for control system devices
  • Implement firewalls and isolate control systems from business networks
  • Use secure remote access methods like VPNs
  • Perform impact analysis and risk assessment before deploying defensive measures

These ICS advisories underscore the critical importance of promptly addressing vulnerabilities in industrial control systems to maintain the security and integrity of critical infrastructure sectors worldwide.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses



Source link