Cyble Research & Intelligence Labs (CRIL) analyzed 21 vulnerabilities in its weekly vulnerability report for the second week of July, including high-severity flaws in products from Rockwell Automation, Microsoft and Johnson Controls.
The report also emphasized critical-severity vulnerabilities in Gogs, Rejetto and the Open Source Geospatial Foundation, which pose a significant threat.
A recent study led by Microsoft found that more than 80% of successful cyberattacks could have easily been prevented through timely patches and software updates. And with an estimate that the average computer needs about 76 patches per year from 22 different vendors, The Cyber Express each week partners with Cyble’s highly efficient dark web and threat intelligence to highlight critical security vulnerabilities that warrant urgent attention.
The Week’s Top Vulnerabilities
These are the three most critical vulnerabilities Cyble researchers focused on this week:
CVE-2024-39930: Gogs
Impact Analysis: A critical vulnerability in the built-in SSH server of Gogs versions through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Successful exploitation could lead to unauthorized access, data breaches, and complete compromise of the Gogs server, potentially allowing attackers to run arbitrary commands, access or modify sensitive data, install malware, or use the server as a pivot point for further attacks on the network.
Internet Exposure? Yes
Patch? Yes
CVE-2023-2071: Rockwell Automation
Impact Analysis: This is a critical vulnerability in Rockwell Automation’s FactoryTalk View Machine Edition on PanelView Plus that allows an unauthenticated attacker to achieve remote code execution. Successful exploitation could lead to complete system compromise, allowing attackers to gain unauthorized access, steal sensitive data, or use the compromised system as a foothold for further attacks on the network.
Internet Exposure? NA
Patch? Yes
CVE-2023-29464: Rockwell Automation
Impact Analysis: This is a vulnerability in Rockwell Automation’s FactoryTalk Linx that allows an unauthorized attacker to cause a denial-of-service (DoS) condition. The vulnerability stems from improper input validation: the FactoryTalk Linx software fails to handle certain malformed packets properly. Exploitation may lead to a DoS that disrupts critical industrial control systems and processes relying on FactoryTalk Linx for communication, potentially leading to operational downtime, production delays, and safety risks.
Internet Exposure? NA
Patch? Yes
CISA Adds 3 Vulnerabilities to KEV Catalog
Three of the vulnerabilities in the Cyble report were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog:
- CVE-2024-23692, a Rejetto HTTP File Server vulnerability with a 9.8 CVSSv3 criticality score
- CVE-2024-38080, a Microsoft Windows Hyper-V Elevation of Privilege vulnerability with a 7.8 criticality rating that gives the attacker SYSTEM privileges
- CVE-2024-38112, a Windows MSHTML Platform Spoofing vulnerability with a 7.8 criticality rating
The researchers observed multiple threat actors, including notable groups like LemonDuck, actively exploiting the CVE-2024-23692 vulnerability to gain initial access to the targeted system and deploy various malware.
The full report, available to CRIL subscribers, covers all these vulnerabilities and more, including 5 advisories covering eight vulnerabilities specific to Industrial Control Systems (ICS) assets, affecting the likes of Johnson Controls, Mitsubishi Electric and Delta Electronics.