CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems
2024-11-26 19:0:52 Author: cyble.com(查看原文) 阅读量:4 收藏

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) published seven detailed security advisories to address critical vulnerabilities in various Industrial Control Systems (ICS).

These advisories cover a range of products, from web-based control servers to automated management systems, and highlight security risks that could compromise the integrity and functionality of ICS used across various sectors.

The released advisories focus on several key products, with each alert providing specific technical details about the vulnerabilities, their risk ratings, and the corresponding mitigations. The advisories include:

  1. ICSA-24-326-01 – Automated Logic WebCTRL Premium Server
  2. ICSA-24-326-02 – OSCAT Basic Library
  3. ICSA-24-326-03 and ICSA-24-326-04 – Schneider Electric Modicon M340, MC80, and Momentum Unity M1E
  4. ICSA-24-326-05 – Schneider Electric EcoStruxure IT Gateway
  5. ICSA-24-326-06 – Schneider Electric PowerLogic PM5300 Series
  6. ICSA-24-326-07 – mySCADA myPRO Manager

Each security advisory provides critical information on vulnerabilities that could be exploited remotely or locally and highlights potential consequences such as unauthorized access, service disruptions, and the compromise of sensitive data.

Key Vulnerabilities and Mitigations

Automated Logic WebCTRL Server Vulnerabilities

The Automated Logic WebCTRL Premium Server has been found to contain two serious vulnerabilities: CVE-2024-8525 (unrestricted file upload) and CVE-2024-8526 (URL redirection). These vulnerabilities affect WebCTRL, Carrier i-Vu, and SiteScan Web servers, allowing unauthenticated users to upload potentially malicious files or redirect users to harmful sites. These issues could lead to remote code execution or data exposure. CISA recommends updating to the latest version of WebCTRL and using firewalls and VPNs to limit system exposure.

OSCAT Basic Library

The OSCAT Basic Library vulnerability (CVE-2024-6876) is related to an out-of-bounds read issue, which can be exploited by local attackers to read internal PLC data, possibly causing system crashes. The advisory emphasizes updating to OSCAT Basic Library version 3.3.5 to resolve this issue and ensuring proper validation of inputs in PLC programs to mitigate the risk of exploitation.

Schneider Electric Modicon M340, MC80, and Momentum Unity M1E

A series of vulnerabilities in Schneider Electric’s Modicon M340, MC80, and Momentum Unity M1E controllers (CVE-2024-8933 and others) expose the systems to various attacks. These include message integrity issues, authentication bypass, and improper memory buffer handling, which could lead to service disruptions, password hash exposure, or even a complete system compromise.

The advisories strongly recommend network segmentation, firewall application, and ensuring the activation of memory protection on M340 CPUs to prevent unauthorized access.

Schneider Electric EcoStruxure IT Gateway

The EcoStruxure IT Gateway is vulnerable to a missing authorization issue, which could allow unauthorized access to connected systems. This flaw, present in versions 1.21.0.6 through 1.23.0.4, is rated with a CVSS score of 10.0. CISA urges users to update to version 1.23.1.10 and to secure systems by isolating networks and implementing firewalls for access control.

Schneider Electric PowerLogic PM5300 Series

The PowerLogic PM5300 Series from Schneider Electric suffers from an uncontrolled resource consumption issue caused by IGMP packet overload. This vulnerability, found in versions prior to 2.4.0 for PM5320 and 2.6.6 for PM5341, can result in communication losses and device unresponsiveness.

To mitigate this, CISA recommends updating the devices or enabling IGMP snooping, configuring VLAN interfaces, and employing multicast filtering. Additionally, applying best practices such as isolating control systems behind firewalls and using secure remote access methods is essential.

mySCADA myPRO Manager

The myPRO Manager from mySCADA has been found to contain multiple vulnerabilities, including OS command injection, improper authentication, and path traversal. These flaws, present in versions before 1.3 of the Manager and 9.2.1 of the Runtime, are extremely critical, with CVSS scores as high as 10.0 for OS command injection.

Attackers exploiting these vulnerabilities could gain remote access, execute arbitrary commands, and disrupt system operations. Users are advised to update to the latest versions (1.3 and 9.2.1) and secure their systems by implementing network isolation and VPNs for remote access.

Recommendations and Mitigations

In addition to addressing specific vulnerabilities, CISA’s advisories emphasize a set of best practices to protect ICS from potential threats:

  • Firewalls and Virtual Private Networks (VPNs) are crucial for controlling access to ICS networks and limiting exposure to remote threats.
  • Isolating ICS networks from general IT networks is key to minimizing risks from external attacks.
  • Keeping systems up to date with the latest security patches is critical to defending against known vulnerabilities.
  • CISA encourages organizations to conduct impact assessments and apply appropriate cybersecurity strategies before patching systems.

Conclusion

As cyberattacks on industrial control systems continue to rise, CISA’s release of these ICS advisories highlights the critical need for proactive security measures.

To protect their assets and ensure operational continuity, organizations must stay informed about the latest security vulnerabilities, follow best practices, and promptly implement CISA’s recommended solutions.

With cyber threats‘ growing sophistication and interconnectivity, staying up to date on security advisories has never been more important for protecting critical infrastructure.

Sources:

Related


文章来源: https://cyble.com/blog/cisa-ics-security-advisories/
如有侵权请联系:admin#unsafe.sh