CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged critical infrastructure organizations to address vulnerabilities affecting nine industrial control systems (ICS) products.

The report, dated January 11, 2024, highlighted a series of high and critical severity vulnerabilities in products widely used in sectors like energy, manufacturing and transportation.

Users and administrators in these sectors are encouraged to review the advisories for technical details and mitigations.

Rapid Software LLC Rapid SCADA – CVSS 9.6 (Critical)

Seven vulnerabilities impact a Rapid Software product used in the energy and transportation sectors and could let threat actors target organizations in a variety of ways.

These include reading sensitive files from the Rapid SCADA server, writing files to the Rapid SCADA directory to achieve code execution and gaining access to sensitive systems via legitimate-seeming phishing attacks.

CISA said that Rapid Software did not respond to its attempts at coordination. Users of Rapid SCADA are encouraged to contact Rapid Software and keep their systems up to date.

Horner Automation Cscape – CVSS 7.8 (High)

This stack-based buffer overflow vulnerability affects the Cscape product versions 9.90 SP10 and prior, which are used by critical manufacturing firms.

There is a low attack complexity, and successful exploitation can enable attackers to execute arbitrary code.

Customers are urged to apply v9.90 SP11 or the latest version of the Cscape software to mitigate this vulnerability.

Schneider Electric Easergy Studio – CVSS 7.8 (High)

This deserialization of untrusted data vulnerability affects versions prior to v9.3.5 of Easergy Studio, a power relay protection control software used by energy companies worldwide.

Successful exploitation can allow a threat actor to gain full control of a workstation.

It has a low attack complexity, and users should apply v9.3.6, which contains a fix for the vulnerability.

Siemens Teamcenter Visualization and JT2Go – CVSS 7.8 (High)

These four vulnerabilities affect two Siemens products used in the critical manufacturing industry.

They facilitate out-of-bounds read, NULL pointer dereference and stack-based buffer overflow exploits.

Customers are urged to update JT2Go and Teamcenter Visualization products to the latest software to mitigate these risks. Users are also recommended to avoid opening untrusted CGM files in the two products.

Siemens Spectrum Power 7 – CVSS 7.8 (High)

Affecting all Spectrum Power 7 versions prior to V23Q4, this incorrect permission assignment for critical resource vulnerability can allow an authenticated local attacker to inject arbitrary code and gain root access. There is a low attack complexity.

Critical manufacturing firms using this product are recommended to update to V23Q4 or a later version to mitigate the risk posed.

Siemens SICAM A8000 – CVSS 6.6 (Medium)

This vulnerability can allow an authenticated remote attacker to inject commands that are executed on the device with root privileges during device startup.

It impacts the Siemens products CP-8031 MASTER MODULE (6MF2803-1AA00) and CP-8050 MASTER MODULE (6MF2805-0AA00) versions prior to CPCI85 V05.20.

Siemens has informed critical manufacturing customers of several workarounds and mitigations that can reduce the risk.

These mitigations include reviewing which users have permission to modify the network configuration, applying strong passwords and updating products to CPCI85 V05.20 or a later version.

Siemens SIMATIC CN 4100 – CVSS 9.8 (Critical)

These three vulnerabilities are exploitable remotely and have a low attack complexity.

Impacting versions prior to V2.7, they enable authorization bypass through user-controlled key, improper input validation and use of default credentials.

Successful exploitation can allow an attacker to log in remotely as root or cause a denial-of-service condition on the device.

SIMATIC CN 4100 customers in the critical manufacturing industry should update to V2.7 or a later version.

Siemens SIMATIC – CVSS 10 (Critical)

Successful exploitation of this vulnerability, which affects several SIMATIC products with maxView Storage Manager on Windows, can enable attackers to obtain remote unauthorized access.

Critical manufacturing firms using SIMATIC IPC647E, SIMATIC IPC847E and SIMATIC IPC1047E should update maxView Storage Manager to V4.14.00.26068 or a later version to mitigate the risk.

Siemens Solid Edge – CVSS 7.8 (High)

Through 11 vulnerabilities, all versions prior to V223.0 Update 10 are at risk of heap-based buffer overflow, out-of-bounds write, stack-based buffer overflow and access of uninitialized pointer while parsing specially crafted PAR files.

These vulnerabilities can enable an attacker to execute code in the context of the current process, with a low attack complexity.

Siemens has urged critical manufacturing customers to update to V223.0 Update 10 or a later version and avoid opening untrusted files from unknown sources in Solid Edge.

Essential Cybersecurity Practices for ICS Systems

CISA also provided the following advice to critical infrastructure organizations using ICS:

  • Keep systems up-to-date with new updates
  • Minimize network exposure for all control system devices
  • Isolate control system networks from business networks
  • Use secure methods, such as virtual private networks (VPNs), when remote access is required

CISA added that it will no longer be updating ICS security advisories for Siemens product vulnerabilities as of January 10, 2024, beyond the initial advisory.
