ICS Vulnerability Report: Threats And Mitigation Steps


Cyble Research & Intelligence Labs (CRIL) has shared its weekly ICS vulnerability report, highlighting multiple vulnerabilities affecting industrial control systems (ICS). This weekly industrial control system vulnerability blog emphasizes the critical need for quick action in mitigating these threats.  

The findings were released by the Cybersecurity and Infrastructure Security Agency (CISA) for the week of October 15 to October 21, 2024, detailing 13 vulnerabilities spanning several well-known manufacturers, including Siemens and Schneider Electric. 

ICS Vulnerability Report Sheds Light on Major Flaws 

During the specified period, CISA published seven security advisories that spotlighted vulnerabilities across multiple companies, namely Siemens, Schneider Electric, Elvaco, Mitsubishi Electric, HMS Networks, Kieback&Peter, and LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME. Among these, Elvaco reported four vulnerabilities, while Kieback&Peter highlighted three. 

Particular attention is drawn to vulnerabilities impacting the Elvaco CMe3100 and Kieback&Peter DDC4000 Series. The Elvaco CMe3100, a compact communication gateway designed for remote energy meter reading, has been exposed online in numerous instances (1,186 to be exact), primarily located in Sweden, according to Cyble’s ODIN scanner. In contrast, Kieback&Peter’s DDC4000 Series, utilized predominantly in HVAC management, has shown eight instances that require immediate action.

Detailed Vulnerability Insights 

The vulnerabilities reported offer essential insights that organizations should prioritize when planning their patching efforts. Among the critical vulnerabilities identified are: 

  • CVE-2024-3506: This medium-severity vulnerability affects Siemens’ Siveillance Video Camera. All versions prior to V13.2 are susceptible to a classic buffer overflow, potentially compromising physical access controls and CCTV operations. 
  • CVE-2023-8531: Schneider Electric’s Data Center Expert is vulnerable in versions 8.1.1.3 and earlier. This high-severity flaw involves improper verification of cryptographic signatures, impacting various control systems including DCS, SCADA, and BMS. 
  • CVE-2024-49396 and CVE-2024-49398: Elvaco’s CMe3100, particularly version 1.12.1, faces critical risks from insufficiently protected credentials (CVE-2024-49396) and the unrestricted upload of dangerous file types (CVE-2024-49398). 
  • CVE-2024-41717: Kieback&Peter’s DDC4002 and related versions encounter a critical path traversal vulnerability, which could significantly impact field controllers and IoT devices. 

These findings point to a troubling trend in the ICS sector, where high-severity vulnerabilities are increasingly prevalent. Organizations must remain vigilant and adopt robust mitigation strategies in response to the flaws covered in this weekly ICS vulnerability report.



Recommendations for Enhanced Cybersecurity 

In light of the vulnerabilities highlighted in the weekly industrial control system vulnerability blog, Cyble Research & Intelligence Labs (CRIL) recommends that organizations actively monitor security advisories, adopt a risk-based vulnerability management approach with a Zero-Trust framework, and enhance patch management by tracking critical vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog.  

Additionally, organizations should develop comprehensive patch strategies that include inventory management, assessment, testing, deployment, and verification of patches, employing automation for greater efficiency. Effective network segmentation is essential to limit lateral movement of attackers, while ongoing audits, vulnerability assessments, and penetration testing are crucial for identifying and addressing security gaps.

Establishing continuous monitoring and logging capabilities will allow for early detection of network anomalies, and leveraging a Software Bill of Materials (SBOM) can improve visibility into software components and their vulnerabilities. With significant threats facing major vendors like Siemens and Schneider Electric, it is important for businesses to adopt these proactive measures to enhance their cybersecurity and protect critical infrastructure. 


