[CVSS 9+] CISA Releases Seventeen Industrial Control Systems Advisories

Executive Summary

CISA released seventeen Industrial Control Systems (ICS) advisories on December 14, 2023.

The advisories addressing vulnerabilities having a high or above severity rating (CVSS 7+) are related to the following brands:

  • 1 advisory for Unitronics products. This advisory addresses a critical vulnerability being publicly exploited.
  • 13 advisories for Siemens products. Most of these advisories address vulnerabilities of high severity and above.
  • 1 advisory for Cambium products.
  • 1 advisory for Johnson Controls products.

Please note that there is also a Philips advisory that addresses vulnerabilities with a CVSS score of 6.5 and below.

We highly recommend that organisations using the ICS products of these vendors carefully study the advisories and apply patches or recommended mitigating controls using a risk-based approach.

Please find concise information about each advisory below.

Unitronics VisiLogic: The advisory addresses a vulnerability with a CVSS score of 9.8. Successful exploitation of this vulnerability could allow an attacker to take administrative control of the affected device. Please note that the flaw is known to have been publicly exploited.

The CISA alert includes 13 advisories related to Siemens products. Out of these, 11 advisories address vulnerabilities with a CVSS score of 7 and above. Those 11 advisories are listed below.

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1:

The most severe vulnerability in this advisory has a CVSS score of 9.8. Successful exploitation of these vulnerabilities could result in sensitive information disclosure, tampering and deletion, or a denial-of-service condition. Please note that at least one of the vulnerabilities meets the following conditions: exploitable remotely & low attack complexity.

Siemens RUGGEDCOM and SCALANCE M-800/S615 Family:

The most severe vulnerability in this advisory has a CVSS score of 9.1. Successful exploitation of these vulnerabilities could allow an attacker to inject code or spawn a system root shell. Please note that at least one of the vulnerabilities meets the following conditions: exploitable remotely & low attack complexity.

Siemens SINEC INS:

The most severe vulnerability in this advisory has a CVSS score of 8.1. Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition, intercept credentials, or escalate privileges on the affected device. Please note that at least one of the vulnerabilities meets the following conditions: exploitable remotely & low attack complexity.

The advisory addresses a vulnerability with a CVSS score of 7.6. Successful exploitation of the vulnerability in the advisory could cause an electromagnetic fault injection, which would allow an attacker to dump and debug the firmware, including memory manipulation. Please note that the vulnerability has low attack complexity.

Siemens User Management Component (UMC):

The most severe vulnerability in this advisory has a CVSS score of 7.5. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorised access and remotely restart the UMC server. Please note that at least one of the vulnerabilities meets the following conditions: exploitable remotely & low attack complexity.

Siemens SIMATIC and SIPLUS Products:

The most severe vulnerability in this advisory has a CVSS score of 7.5. Successful exploitation of the vulnerabilities could allow an unauthorised attacker with network access to the web server to perform a denial-of-service attack. Please note that the vulnerability can be exploited remotely and has a low attack complexity.

Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC:

The advisory addresses a vulnerability with a CVSS score of 7.5. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create a denial-of-service condition by sending a specially crafted certificate. Please note that the vulnerability can be exploited remotely and has a low attack complexity.

Siemens Web Server of Industrial Products:

The advisory addresses a vulnerability with a CVSS score of 7.5. Successful exploitation of this vulnerability could allow an unauthorised attacker with network access to the web server of an affected device to perform a denial-of-service attack. Please note that the vulnerability can be exploited remotely and has a low attack complexity.

Siemens SIMATIC S7-1500 CPU family:

The advisory addresses a vulnerability with a CVSS score of 7.5. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. Please note that the vulnerability can be exploited remotely and has a low attack complexity.

Siemens SINUMERIK:

The advisory addresses a vulnerability with a CVSS score of 7.5. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. Please note that the vulnerability can be exploited remotely and has a low attack complexity.

Siemens SCALANCE and RUGGEDCOM M-800/S615 Family:

The most severe vulnerability in this advisory has a CVSS score of 7.2. Successful exploitation of these vulnerabilities could allow an attacker with administrative privileges to execute arbitrary code on the affected device. Please note that at least one of the vulnerabilities meets the following conditions: exploitable remotely & low attack complexity.

Cambium ePMP 5GHz Force 300-25 Radio: The advisory addresses a vulnerability with a CVSS score of 7.8. Successful exploitation of this vulnerability could allow an attacker to perform remote code execution on the affected product. Please note that it has a low attack complexity.

Johnson Controls Kantech Gen1 ioSmart: This advisory for Johnson Controls addresses a vulnerability with a CVSS score of 7.5. An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader’s communication memory between the card and reader.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.