The Cybersecurity and Infrastructure Security Agency (CISA) has released seven new advisories highlighting critical vulnerabilities in widely used Industrial Control Systems (ICS).
These vulnerabilities, if exploited, could allow attackers to compromise critical systems, execute arbitrary code, or cause large-scale operational disruptions.
The advisories cover systems deployed globally across industries such as healthcare, energy, manufacturing, transportation, and water systems.
Below is a detailed account of the reported vulnerabilities and their associated CVEs.
1. MOBATIME Network Master Clock
CVE-2024-12286 – The MOBATIME Network Master Clock – DTS 4801, deployed worldwide for time synchronization in healthcare and transportation, suffers from a critical vulnerability related to the use of default credentials (CWE-1392).
This allows attackers to remotely access the system via SSH and take full control of the operating system.
Firmware version 00020419.01.02020154 is affected. With a CVSS v4 score of 9.3, this vulnerability poses a severe risk to the operational integrity of time-critical systems.
2. Schneider Electric EcoStruxure Foxboro DCS Core Control Services
CVE-2024-5679 – An out-of-bounds write vulnerability in the Foxboro.sys driver could cause local denial of service or kernel memory leak. Malicious scripts designed to exploit this vulnerability have the potential to compromise system functionality.
CVE-2024-5680 – This vulnerability involves improper validation of an array index in the Foxboro.sys driver, which can also cause a denial-of-service condition when exploited through malicious scripts.
CVE-2024-5681 – An improper input validation vulnerability could lead to privilege escalation or kernel execution by allowing attackers to craft malicious scripts. EcoStruxure Foxboro DCS versions 9.8 and prior are affected.
3. Schneider Electric FoxRTU Station
CVE-2024-2602 – A path traversal vulnerability (CWE-22) in the FoxRTU Station allows attackers to execute malicious project files, leading to remote code execution.
The vulnerability is present in all versions before 9.3.0 and poses a significant risk to the critical manufacturing, energy, and water sectors.
4. National Instruments LabVIEW
CVE-2024-10494 – An out-of-bounds read vulnerability in the HeapObjMapImpl function may allow attackers to disclose sensitive information or execute arbitrary code.
CVE-2024-10495 – Another out-of-bounds read occurs when loading the font table, enabling attackers to extract data or execute code.
CVE-2024-10496 – The BuildFontMap function also contains an out-of-bounds read vulnerability, further exposing LabVIEW systems to malicious activity. Versions Q3 (24.3f0) and prior are affected.
5. Horner Automation Cscape
CVE-2024-9508 – This vulnerability involves a memory corruption issue in Cscape that could lead to information disclosure or arbitrary code execution.
CVE-2024-12212 – An out-of-bounds read vulnerability resulting from insufficient validation of CSP files could also enable attackers to execute arbitrary code. Versions 10.0.363.1 and earlier are affected.
6. Rockwell Automation Arena
CVE-2024-11155 – A use-after-free vulnerability in Arena could lead to arbitrary code execution when malicious DOE files are processed.
CVE-2024-11156 – An out-of-bounds write vulnerability allows attackers to write beyond allocated memory, enabling the execution of arbitrary code.
CVE-2024-11158 – An improper initialization vulnerability causes Arena to access uninitialized variables, leading to potential exploitation.
CVE-2024-12130 – An out-of-bounds read vulnerability in Arena could also allow attackers to execute malicious code. Versions before 16.20.06 are affected.
7. Ruijie Reyee OS
CVE-2024-47547 – Ruijie Reyee OS has a weak password recovery mechanism that exposes authentication to brute-force attacks.
CVE-2024-52324 – An inherently dangerous function in the OS can allow attackers to send malicious MQTT messages, leading to arbitrary OS command execution.
CVE-2024-48874 – A server-side request forgery (SSRF) vulnerability could allow attackers to perform unauthorized internal network requests, including accessing sensitive cloud infrastructure.
CVE-2024-42494 – Sensitive personal information is exposed to unauthorized actors, potentially leading to data exfiltration.
CISA’s advisories reveal growing vulnerabilities in the Industrial Control Systems that underpin critical infrastructure globally. These flaws, which vary in severity, highlight the increasing sophistication of cyberattacks targeting operational technology.
Organizations are urged to update firmware, secure access credentials, and implement appropriate network protections to mitigate these risks.
Protecting ICS environments is more critical than ever as attackers exploit vulnerabilities to disrupt essential services and operations.