[CVSS 9+] CISA Releases Nineteen Advisories for Industrial Control Systems

Executive Summary

CISA has released a total of 19 industrial control system advisories, covering multiple vendors. The advisories include vulnerabilities in Siemens, Weintek, Mitsubishi Electric and other products.

Here is a summary of the advisories by vendor:

These advisories highlight the importance of implementing necessary security measures to protect industrial control systems from potential exploitation.

Please see below for more information about each advisory.

ICSA-23-285-02 Siemens SCALANCE W1750D

Risk Evaluation: Vulnerabilities in SCALANCE W1750D could lead to sensitive information disclosure, denial of service, and remote code execution.

Vulnerabilities:

Mitigations: Siemens has released an update (V8.10.0.6) and recommends users update to the latest version. Additional mitigations include restricting access, blocking specific ports, and enabling cluster security. It is also recommended to follow Siemens’ operational guidelines for industrial security.


ICSA-23-285-09 Siemens CPCI85 Firmware of SICAM A8000 Devices

Risk Evaluation: Successful exploitation of this vulnerability could allow an attacker with knowledge of the corresponding credential to log in to the device via SSH.

Vulnerability: Use of hard-coded credentials tracked as CVE-2023-36380 with a CVSS score of 9.8.

Mitigations: Please follow the workarounds provided by Siemens.


ICSA-23-285-10 Siemens Tecnomatix Plant Simulation

Risk Evaluation: Successful exploitation of these vulnerabilities could allow an attacker to perform code execution after leading a user to open a specially crafted SPP file on a system running an affected product.

Vulnerabilities:

Mitigations: Please follow the workarounds Siemens provided to reduce the risk.


ICSA-23-285-01 Siemens SIMATIC CP products

Risk Evaluation: Exploitation of vulnerabilities in SIMATIC CP products could lead to code execution, unauthorized access to the PROFINET network, and denial of service attacks.

Vulnerabilities:

Mitigations: Siemens recommends restricting access to trusted individuals, avoiding additional account configurations, and following their operational guidelines for industrial security.


ICSA-23-285-04 – Siemens Xpedition Layout Browser

Risk Evaluation: An attacker could leverage this vulnerability to execute malicious code in the context of the current process.

Vulnerability: The specific vulnerability is a “Stack-Based Buffer Overflow” (CWE-121), identified by CVE-2023-30900 with a CVSS score of 7.8.

Mitigations: Siemens recommends the following mitigations for this issue:

No known public exploitation specifically targeting this vulnerability has been reported to CISA, and this vulnerability is not exploitable remotely.


ICSA-23-285-03 – Siemens SICAM A8000 Devices

Risk Evaluation: Successful exploitation of this vulnerability could allow an attacker to traverse directories, download arbitrary files, or escalate privileges.

Vulnerability: The vulnerability is identified as an “Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)” (CWE-22) and tracked under CVE-2023-42796 with a CVSS score of 7.5.
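As an added illustration of the path-traversal class (CWE-22) named above, and not code from the Siemens advisory or from the SICAM firmware, here is the kind of check a file-download handler should apply to a client-supplied path before opening anything. The web root `/srv/device/www`, the function names and the sample requests are constructed for this example; the approach (decode once, reject absolute paths and NUL bytes, resolve, then confirm the result is still a strict descendant of the root) is the general defence rather than anything specific to this product.

```python
import os
from pathlib import Path
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed web root for a hypothetical device file-download handler.
# This path is an assumption for the example, not taken from the advisory.
WEB_ROOT = Path("/srv/device/www")


def resolve_download_path(web_root: Path, requested: str) -> Optional[Path]:
    """Map a client-supplied relative path onto web_root.

    Returns the resolved absolute path if it stays inside web_root, or None if
    the request would escape it (CWE-22). Resolution happens before the check,
    so '..' segments and symlinks are judged by where they actually land.
    """
    # Decode percent-encoding exactly once so that %2e%2e is seen as '..'.
    decoded = unquote(requested)
    # NUL bytes can truncate the path in lower-level C APIs; refuse them outright.
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators too; conservative for handlers ported across OSes.
    decoded = decoded.replace("\\", "/")
    # An absolute path would discard web_root entirely when joined.
    if decoded.startswith("/"):
        return None
    root = web_root.resolve()
    candidate = (root / decoded).resolve()  # collapses '..' and follows existing symlinks
    # The resolved path must lie strictly below the root (the root itself is not a file).
    if os.path.commonpath([str(root), str(candidate)]) != str(root) or candidate == root:
        return None
    return candidate


def classify_requests(requests: List[str]) -> Dict[str, bool]:
    """Return {request: allowed?} for a batch of requests, e.g. when reviewing access logs."""
    return {r: resolve_download_path(WEB_ROOT, r) is not None for r in requests}


if __name__ == "__main__":
    # Constructed sample requests, not observed traffic.
    samples = [
        "config/settings.xml",
        "logs/../config/settings.xml",
        "../../etc/passwd",
        "%2e%2e/%2e%2e/etc/shadow",
        "/etc/passwd",
        "..\\..\\etc\\passwd",
        "",
    ]
    for req, ok in classify_requests(samples).items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {req!r}")
```

Note that the check is made on the resolved path, not on the raw string: a denylist of `..` substrings is what percent-encoding and mixed separators routinely get past, whereas comparing the final location against the root has no such encoding to miss. The same shape of check applies to any "download file by name" endpoint on an embedded device.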

Mitigations: Siemens has provided the following mitigations for this issue:


ICSA-23-285-05 Siemens Simcenter Amesim

Risk Evaluation: Successful exploitation of this vulnerability could allow an attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.

Vulnerability: Code Injection, tracked as CVE-2023-43625 with a CVSS score of 8.0.

Mitigations: Siemens recommends updating to V2021.1 or later versions. As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms.


ICSA-23-285-06 Siemens SICAM PAS/PQS

Risk Evaluation: Successful exploitation of this vulnerability could allow an attacker to gain persistence or potentially escalate privileges in the context of the application process.

Vulnerability: Incorrect Permission Assignment for Critical Resource tracked as CVE-2023-38640 with a CVSS score of 6.6.

Mitigations: Siemens recommends installing the Security Patch for versions V8.00 to V8.21 or updating to V8.22 or later versions. Additionally, they suggest limiting access to the web management interface and adopting best practices, including closing the browser after a logout. For more information, see the associated Siemens security advisory SSA-035466 in HTML and CSAF.


ICSA-23-285-07 Siemens RUGGEDCOM APE1808

Risk Evaluation: Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary SQL queries or injected code.

Vulnerabilities:

Mitigations: Siemens recommends using internal firewall features to limit access to the web management interface and adopting best practices, including closing the browser after a logout. For more information, see the associated Siemens security advisory SSA-647455 in HTML and CSAF.


ICSA-23-285-08 Siemens SIMATIC WinCC OA

Risk Evaluation: This advisory identifies multiple vulnerabilities in Siemens’ SIMATIC WinCC OA system, which could be exploited by an attacker to perform various malicious actions on the affected system.

Vulnerabilities:

  • Incorrect Permission Assignment for Critical Resource tracked as CVE-2022-30527 with a CVSS score of 7.8.
  • Cross Site Scripting tracked as CVE-2023-44315 with a CVSS score of 4.7.

Mitigations: Siemens advises users to update to version 3.18 or later and implement necessary security measures to protect network access.
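Both the SICAM PAS/PQS advisory (CVE-2023-38640) and the WinCC OA advisory (CVE-2022-30527) above are instances of Incorrect Permission Assignment for Critical Resource (CWE-732), where a file or directory the product relies on is writable by more principals than it should be. The following is an added example of the corresponding host check, written by the editor and not taken from either advisory or from Siemens: it walks an install tree and reports anything a local user could modify. It uses POSIX mode bits and builds its own throwaway tree (all file names constructed), so it runs offline.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import List


def find_weak_permissions(root: Path) -> List[str]:
    """Walk root and return sorted, root-relative paths of entries any local user could
    modify: world-writable files, and world-writable directories lacking the sticky bit.
    Symlinks are skipped so the target, not the link, is judged when the walk reaches it."""
    findings: List[str] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            try:
                mode = entry.lstat().st_mode
            except OSError:
                continue  # vanished or unreadable; leave it to a privileged re-run
            if stat.S_ISLNK(mode):
                continue
            if not mode & stat.S_IWOTH:
                continue  # others cannot write: not a finding
            if stat.S_ISDIR(mode) and mode & stat.S_ISVTX:
                continue  # /tmp-style directory: world-writable but delete-protected
            findings.append(str(entry.relative_to(root)))
    return sorted(findings)


def demo_scan() -> List[str]:
    """Build a throwaway install tree holding one mis-permissioned service binary (the
    weak setting) and one correctly permissioned config file (the corrected setting),
    scan it, and return what was flagged. Every name here is constructed for the demo."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bindir = root / "bin"
        bindir.mkdir()
        os.chmod(bindir, 0o755)                  # owner writes; others only traverse
        service = bindir / "service.exe"
        service.write_bytes(b"MZ")               # stand-in for the service executable
        os.chmod(service, 0o777)                 # weak: any local user could replace it
        config = root / "config.ini"
        config.write_text("[service]\nport=8080\n")
        os.chmod(config, 0o644)                  # corrected: only the owner may modify
        return find_weak_permissions(root)


if __name__ == "__main__":
    for path in demo_scan():
        print(f"world-writable: {path}")
```

A service binary or plug-in directory that non-administrators can write to is exactly what turns a CWE-732 finding into the "gain persistence or escalate privileges" outcome the SICAM PAS/PQS advisory describes. On the Windows hosts these products run on, the equivalent check reads the ACLs of the install and data directories (for example with `icacls`) and looks for Write, Modify or Full Control grants to Everyone, Users or Authenticated Users.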


ICSA-23-285-11 – Siemens Mendix Forgot Password Module

Risk Evaluation: Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.

Vulnerability: Observable Discrepancy CWE-203 tracked as CVE-2023-43623 with a CVSS score of 5.3.
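To make the Observable Discrepancy class (CWE-203) concrete, here is an added example, written by the editor and not taken from the advisory or from the Mendix module, of a forgot-password handler in its leaky form beside its uniform form. The user set, the message strings and the in-memory outbox are constructed so the example runs offline; the point is that the hardened handler returns exactly the same status and body whether or not the address is registered, so the response no longer tells an unauthenticated client which accounts exist.

```python
import secrets
from typing import Callable, Dict, List

# Constructed user directory for the demo; these addresses are not from the advisory.
KNOWN_USERS = {"alice@example.com", "bob@example.com"}

# An in-memory outbox stands in for the mail transport so the example runs offline.
OUTBOX: List[Dict[str, str]] = []

UNIFORM_MESSAGE = "If that address is registered, a reset e-mail has been sent."


def _queue_reset_mail(email: str, token: str) -> None:
    OUTBOX.append({"to": email, "token": token})


def forgot_password_leaky(email: str) -> Dict[str, object]:
    """Vulnerable pattern (CWE-203): status code, body and work done all depend on
    whether the account exists, so the response itself answers 'is this user valid?'."""
    if email not in KNOWN_USERS:
        return {"status": 404, "body": "No account with that e-mail address."}
    _queue_reset_mail(email, secrets.token_urlsafe(32))
    return {"status": 200, "body": "A reset e-mail has been sent."}


def forgot_password_uniform(email: str) -> Dict[str, object]:
    """Hardened pattern: identical status and body for every input, and the token is
    generated unconditionally so both branches do comparable work."""
    token = secrets.token_urlsafe(32)
    if email in KNOWN_USERS:
        _queue_reset_mail(email, token)
    # For an unknown address the token is simply discarded; the client sees no difference.
    return {"status": 200, "body": UNIFORM_MESSAGE}


def responses_distinguish_users(handler: Callable[[str], Dict[str, object]],
                                known: str, unknown: str) -> bool:
    """Return True if a client could separate a valid from an invalid account using
    only what the handler sends back."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for handler in (forgot_password_leaky, forgot_password_uniform):
        leaks = responses_distinguish_users(handler, "alice@example.com", "nobody@example.com")
        print(f"{handler.__name__}: {'leaks account existence' if leaks else 'uniform response'}")
```

Equal responses are necessary but not sufficient: response time is also observable, which is why the hardened version does the token generation on both paths and why real deployments hand the mail sending to a queue rather than doing it inline. Rate limiting the endpoint per source address is the other half of the mitigation, since the advisory's concern is that a confirmed user list feeds a brute-force attack.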

Mitigations: Siemens recommends applying the provided updates.

ICSA-23-285-12 Weintek cMT3000 HMI Web CGI

Risk Evaluation: Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.

Vulnerabilities:

Mitigations: Please follow the update instructions provided by Weintek.

ICSA-23-285-13 Mitsubishi Electric MELSEC-F Series

Risk Evaluation: Successful exploitation of this vulnerability may allow a remote attacker to obtain sequence programs from the product, or to write malicious sequence programs or improper data to the product, without authentication.

Vulnerability: Improper Authentication CWE-287 tracked as CVE-2023-4562 with a CVSS score of 9.1.

Mitigations: Please follow the instructions provided by Mitsubishi.

ICSA-23-285-16 – Schneider Electric IGSS

Risk Evaluation: Successful exploitation of these vulnerabilities could allow arbitrary code execution or result in a loss of control of the SCADA system.

Vulnerability: Missing Authentication for Critical Function tracked as CVE-2023-4516 with a CVSS score of 7.8.

Mitigations: Schneider Electric has provided version 16.0.0.23212 of Update Service to address these vulnerabilities. No known public exploitation targeting these vulnerabilities had been reported to CISA at the time of these advisories.

ICSMA-23-285-01 – Santesoft Sante DICOM Viewer Pro

Risk Evaluation: Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code.

Vulnerabilities:

  • Out-of-bounds Write tracked as CVE-2023-39431 with a CVSS score of 7.8.
  • Stack-based Buffer Overflow tracked as CVE-2023-35986 with a CVSS score of 7.8.

Mitigations: Santesoft recommends updating to Sante DICOM Viewer Pro v12.2.6 to address these vulnerabilities.


ICSMA-23-285-02 – Santesoft Sante FFT Imaging

Risk Evaluation: Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.

Vulnerability: Out-of-Bounds Read tracked as CVE-2023-5059 with a CVSS score of 7.8.

Mitigations: Santesoft recommends updating to Sante FFT Imaging v1.4.1 to address this vulnerability.

ICSA-23-285-14 Hikvision Access Control and Intercom Products

Risk Evaluation: Successful exploitation of these vulnerabilities could result in an attacker hijacking a session and gaining device operation permissions or result in an attacker modifying device network configuration by sending specific data packets to a vulnerable interface within the same local network.

Vulnerabilities:

Mitigations: Hikvision recommends users download patches/updates to mitigate these vulnerabilities. The upgrade can be downloaded from the Hikvision official website.

ICSA-23-285-15 – Advantech WebAccess

Risk Evaluation: Successful exploitation of this vulnerability could leak user credentials.

Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor tracked as CVE-2023-4215 with a CVSS score of 6.5.

Mitigations: Advantech recommends users update WebAccess to Version 9.1.4. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

ICSA-23-243-03 – PTC Kepware KepServerEX (Update A)

Risk Evaluation: Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, and obtain server hashes and credentials.

Vulnerabilities:

Mitigations: PTC is developing patches to address these vulnerabilities and recommends users follow secure configuration documentation.

Takeaways

The release of nineteen industrial control systems advisories highlights the importance of securing ICS environments.

Vulnerabilities in various systems pose significant risks, including malicious code execution, unauthorized access, denial of service attacks, and escalation of privileges.

It is crucial to prioritize the implementation of patches or mitigations to address these vulnerabilities.

Following the recommendations promptly from the respective vendors can help reduce the risk and improve the security posture of ICS environments.

Regularly updating software versions and implementing secure configurations are essential to protect against potential attacks.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.