New CISA Advisories Highlight Vulnerabilities in Top ICS Products


It is important for users and administrators of ICS systems to take steps to mitigate the vulnerabilities identified in the CISA advisories.

The Cybersecurity and Infrastructure Security Agency (CISA) released nineteen Industrial Control Systems (ICS) advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

The advisories cover a wide range of ICS products and vendors, including Siemens, Mitsubishi Electric, Hikvision, and Schneider Electric. The vulnerabilities identified in the advisories range in severity from low to critical. Some of the vulnerabilities could allow attackers to gain unauthorized access to ICS systems, disrupt operations, or even cause physical issues.

CISA encourages users and administrators of ICS systems to review the newly released advisories for technical details and mitigations. Here are some of the key vulnerabilities identified in the CISA advisories:

  • Siemens SIMATIC CP products: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a remote code execution attack.
  • Siemens SCALANCE W1750D: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a buffer overflow attack.
  • Siemens SICAM A8000 Devices: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a SQL injection attack.
  • Mitsubishi Electric MELSEC-F Series: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a cross-site scripting (XSS) attack.
  • Hikvision Access Control and Intercom Products: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a buffer overflow attack.
  • Schneider Electric IGSS: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a SQL injection attack.

The nineteen advisories are:

  • ICSA-23-285-08 Siemens SINEC NMS
  • ICSA-23-285-15 Advantech WebAccess
  • ICSA-23-285-06 Siemens SICAM PAS/PQS
  • ICSA-23-285-16 Schneider Electric IGSS
  • ICSA-23-285-02 Siemens SCALANCE W1750D
  • ICSA-23-285-07 Siemens RUGGEDCOM APE180
  • ICSA-23-285-05 Siemens Simcenter Amesim
  • ICSA-23-285-12 Weintek cMT3000 HMI Web CGI
  • ICSA-23-285-03 Siemens SICAM A8000 Devices
  • ICSA-23-285-01 Siemens SIMATIC CP products
  • ICSMA-23-285-02 Santesoft Sante FFT Imaging
  • ICSA-23-285-04 Siemens Xpedition Layout Browser
  • ICSMA-23-285-01 Santesoft Sante DICOM Viewer Pro
  • ICSA-23-243-03 PTC Kepware KepServerEX (Update A)
  • ICSA-23-285-10 Siemens Tecnomatix Plant Simulation
  • ICSA-23-285-13 Mitsubishi Electric MELSEC-F Series
  • ICSA-23-285-11 Siemens Mendix Forgot Password Module
  • ICSA-23-285-14 Hikvision Access Control and Intercom Products
  • ICSA-23-285-09 Siemens CPCI85 Firmware of SICAM A8000 Devices

CISA recommends that users and administrators of ICS systems take the following steps to mitigate these vulnerabilities:

  • Monitor ICS systems for suspicious activity.
  • Develop and implement an incident response plan.
  • Apply security patches from vendors as soon as they are available.
  • Implement a layered security approach that includes network segmentation, firewalls, and intrusion detection systems.

ICS systems are used to control critical infrastructure, such as power grids, water treatment systems, and transportation networks. A successful cyberattack on an ICS system could have devastating consequences.

It is important for users and administrators of ICS systems to take steps to mitigate the vulnerabilities identified in the CISA advisories. In addition to the steps recommended by CISA, organizations that operate ICS systems should also consider the following:

  • Conduct regular security assessments of ICS systems to identify and address vulnerabilities.
  • Develop and implement a security awareness training program for employees who use ICS systems.
  • Keep ICS systems isolated from the internet and other untrusted networks.
  • Use strong passwords and enable multi-factor authentication for all ICS systems.

By taking these steps, organizations can protect their ICS systems from cyberattacks, particularly the increasingly prevalent threat of ransomware, and minimize the risk of disruption to their operations.
