The Cybersecurity and Infrastructure Security Agency (CISA) issued six new advisories concerning industrial control systems (ICS) on September 19, 2024.
These advisories highlight critical vulnerabilities in various ICS products, offering crucial information for users to safeguard their systems against potential threats.
Rockwell Automation RSLogix 5 And RSLogix 500
CISA’s advisory on Rockwell Automation’s RSLogix 5 and RSLogix 500 software reveals a significant vulnerability due to insufficient verification of data authenticity (CWE-345).
This flaw allows malicious actors to execute code remotely by embedding VBA scripts in project files; the scripts run automatically when the project file is opened.
This vulnerability, identified as CVE-2024-7847, carries a CVSS v3.1 score of 7.7 and a CVSS v4 score of 8.8, both in the high-severity range.
IDEC PLCs
The advisory for IDEC PLCs identifies two vulnerabilities: cleartext transmission of sensitive information (CWE-319) and generation of predictable numbers or identifiers (CWE-340).
These vulnerabilities could enable attackers to intercept user authentication details or disrupt communications. The associated CVEs are CVE-2024-41927 and CVE-2024-28957, with CVSS v3.1 scores of 4.6 and 5.3, respectively.
IDEC CORPORATION WindLDR And WindO/I-NV4
IDEC’s WindLDR and WindO/I-NV4 software are affected by a vulnerability involving the cleartext storage of sensitive information (CWE-312).
This flaw could allow unauthorized access to user authentication data. The vulnerability is tracked as CVE-2024-41716 with a CVSS v3.1 score of 5.9.
MegaSys Computer Technologies Telenium Online Web Application
The MegaSys Telenium Online Web Application has been found vulnerable due to improper input validation (CWE-20).
This flaw allows attackers to inject arbitrary Perl code via crafted HTTP requests, potentially leading to remote code execution on the server.
The vulnerability is identified as CVE-2024-6404, with a high CVSS v3.1 score of 9.8 and a CVSS v4 score of 9.3.
Kastle Systems Access Control System
Kastle Systems’ Access Control System is affected by two vulnerabilities: the use of hard-coded credentials (CWE-798) and cleartext storage of sensitive information (CWE-312).
Both vulnerabilities could allow unauthorized access to sensitive data. They are tracked as CVE-2024-45861 and CVE-2024-45862, each with a CVSS v3.1 score of 8.6 and a CVSS v4 score above 9.
Treck TCP/IP Stack (Update I)
The Treck TCP/IP stack is plagued by multiple vulnerabilities, including improper handling of length parameter inconsistencies (CWE-130), improper input validation (CWE-20), and others such as double free (CWE-415) and out-of-bounds read (CWE-125).
These vulnerabilities can lead to remote code execution or exposure of sensitive information. Notably, several vulnerabilities have been assigned the maximum CVSS v3 score of 10.0, which is critical severity.
In response to these advisories, CISA urges users and administrators to review the detailed technical guidance provided in each advisory to mitigate risks effectively.
Implementing recommended security practices is essential for protecting ICS assets from potential cyber threats.