CISA Releases Six Advisories for Industrial Control Systems


The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories concerning vulnerabilities in:

  • Rockwell Automation’s RSLogix 5 and RSLogix 500 software,
  • IDEC PLCs,
  • IDEC CORPORATION WindLDR and WindO/I-NV4,
  • MegaSys Computer Technologies Telenium Online Web Application,
  • Kastle Systems Access Control System, and
  • Treck TCP/IP (Update I).

These advisories highlight critical industrial control system vulnerabilities.

Rockwell Automation’s RSLogix 5 and RSLogix 500 software

Rockwell Automation’s RSLogix 5 and RSLogix 500 software are vulnerable due to insufficient verification of data authenticity, identified as CVE-2024-7847.


This vulnerability has a CVSS v4 score of 8.8, indicating high severity. It is exploitable locally with high attack complexity.

The flaw allows an attacker to embed a malicious VBA script within a project file; the script executes without user intervention when the project file is opened.

This could enable remote code execution, posing significant risks. All versions of RSLogix 500, RSLogix Micro Developer and Starter, and RSLogix 5 are affected, requiring urgent attention to mitigate potential exploitation.

IDEC PLCs

IDEC Corporation’s PLCs are affected by vulnerabilities involving the cleartext transmission of sensitive information and the generation of predictable identifiers.

With a CVSS v3 score of 5.3, these issues present a moderate risk and have low attack complexity. Exploitation could lead to unauthorized access to user authentication data or to communication disruptions.

Affected products include the FC6A and FC6B Series MICROSmart All-in-One and CPU modules (versions 2.60 and prior) and the FT1A Series SmartAXIS Pro/Lite (versions 2.41 and prior).

CVE-2024-41927 identifies the cleartext-transmission vulnerability, while CVE-2024-28957 covers the predictable identifiers; both highlight the need for prompt mitigation measures.

IDEC CORPORATION WindLDR and WindO/I-NV4

IDEC Corporation’s WindLDR and WindO/I-NV4 software are vulnerable due to the cleartext storage of sensitive information, identified as CVE-2024-41716.

This vulnerability has a CVSS v3 score of 5.9, indicating a moderate risk level. It is exploitable remotely, and successful exploitation could allow attackers to obtain sensitive user authentication information.

Affected versions include WindLDR version 9.1.0 and prior and WindO/I-NV4 version 3.0.1 and prior.

The vulnerability, categorized under CWE-312, highlights the importance of addressing cleartext storage issues to protect sensitive data from unauthorized access and potential exploitation by threat actors.


MegaSys Computer Technologies Telenium Online Web Application

MegaSys Computer Technologies’ Telenium Online Web Application is affected by a critical vulnerability due to improper input validation, identified as CVE-2024-6404.

With a CVSS v4 score of 9.3, this issue is highly severe and is exploitable remotely with low attack complexity.

The vulnerability allows attackers to inject arbitrary Perl code through crafted HTTP requests, potentially leading to remote code execution on the server.

Telenium Online Web Application versions 8.3 and prior are affected. This flaw, categorized under CWE-20, underscores the need for robust input validation to prevent unauthorized code execution and protect server integrity.

Kastle Systems Access Control System

Kastle Systems’ Access Control System is vulnerable due to hard-coded credentials and cleartext storage of sensitive information, identified as CVE-2024-45861 and CVE-2024-45862.

With a CVSS v4 score of 9.2, these vulnerabilities are highly severe, exploitable remotely, and low in attack complexity.

Firmware versions before May 1, 2024, are affected. Hard-coded credentials (CWE-798) could allow unauthorized access to sensitive information, while cleartext storage (CWE-312) further exposes data to potential attackers.

These issues highlight the critical need for secure credential management and data protection practices in access control systems.

Treck TCP/IP (Update I)

The Ripple20 vulnerabilities are a series of critical security flaws discovered in the Treck TCP/IP stack, widely used across various devices and industries.

These vulnerabilities can allow remote code execution, data breaches, and other severe impacts.

Below is a detailed look at each vulnerability, categorized by their Common Vulnerabilities and Exposures (CVE) identifiers.

CVE-2020-11896: Improper Handling of Length Parameter Inconsistency (CWE-130)

This vulnerability affects the IPv4/UDP component, where improper handling of length parameters can lead to remote code execution. It has a CVSS v3 score of 10.0, indicating critical severity.

CVE-2020-11897: Improper Handling of Length Parameter Inconsistency (CWE-130)

Similar to CVE-2020-11896, this flaw affects the IPv6 component, potentially causing out-of-bounds writes. It also has a CVSS v3 score of 10.0.

CVE-2020-11898: Improper Handling of Length Parameter Inconsistency (CWE-130)

This affects the IPv4/ICMPv4 component and can result in out-of-bounds reads. The CVSS v3 score is 9.1.

CVE-2020-11899: Improper Input Validation (CWE-20)

Found in the IPv6 component, this vulnerability allows out-of-bounds reads and possible denial of service attacks. Its CVSS v3 score is 5.4.

CVE-2020-11900: Double Free (CWE-415)

This issue in the IPv4 tunneling component can lead to use-after-free conditions. It has a CVSS v3 score of 8.2.

CVE-2020-11901: Improper Input Validation (CWE-20)

This affects the DNS resolver component and enables remote code execution. It has a CVSS v3 score of 9.0.

CVE-2020-11902: Improper Input Validation (CWE-20)

This vulnerability in IPv6 over IPv4 tunneling allows out-of-bounds reads, with a CVSS v3 score of 7.3.

CVE-2020-11903: Out-of-Bounds Read (CWE-125)

Found in the DHCP component, it may expose sensitive information. The CVSS v3 score is 5.3.

Remaining Vulnerabilities

The remaining vulnerabilities include issues like integer overflow (CVE-2020-11904), improper null termination (CVE-2020-11908), and improper access control (CVE-2020-11911), among others. Each presents varying degrees of risk, with CVSS scores ranging from 3.1 to 5.6.

To mitigate these vulnerabilities, organizations must apply the vendor-provided patches, implement network segmentation, and monitor network traffic for unusual activity.
