Executive Summary
CISA released nine Industrial Control Systems (ICS) advisories on January 11, 2024.
The advisories are related to the following brands:
- 6 advisories for Siemens
- 1 advisory for Rapid Software
- 1 advisory for Schneider Electric
- 1 advisory for Horner Automation
Accordingly, it is strongly advised that organisations utilising the ICS products from these vendors thoroughly examine the advisories and implement necessary patches or recommended mitigations using a risk-based approach.
Please find brief information about each advisory below.
Industrial Control Systems Advisories for Siemens
Siemens SIMATIC
This advisory has a single vulnerability with a CVSS score of 10.0.
Consequently, successful exploitation of this flaw could allow an attacker to obtain remote unauthorised access.
⚠️ Please be aware that it is exploitable remotely with a low attack complexity.
Siemens SIMATIC CN 4100
This advisory has 3 vulnerabilities. Among them, the most severe one has a CVSS score of 9.8.
As a result, successful exploitation of these vulnerabilities could allow an attacker to remotely login as root or cause a denial of service condition of the device.
⚠️ Please note that at least one of the vulnerabilities meets the following conditions: exploitable remotely & low attack complexity.
Siemens Solid Edge
This advisory includes 11 vulnerabilities. Among them, the most severe flaw has a CVSS score of 7.8.
Successful exploitation of these vulnerabilities could allow an attacker to use specially crafted PAR files to execute code in the context of the current process.
⚠️ Please pay attention to the low attack complexity.
Siemens Teamcenter Visualization and JT2Go
This advisory reports 4 vulnerabilities, with the most severe one having a CVSS score of 7.8.
As a result, successful exploitation of these vulnerabilities could allow attackers to execute code in the context of the software’s current process or crash the application, causing a denial of service.
⚠️ Please be aware that the vulnerability has a low attack complexity.
Siemens Spectrum Power 7
This advisory also includes a single vulnerability with a CVSS score of 7.8.
Consequently, successful exploitation of this flaw could allow an authenticated local attacker to inject arbitrary code and gain root access.
⚠️ Please take note of the low attack complexity.
Siemens SICAM A8000
This advisory has a single vulnerability with a CVSS score of 6.6.
Successful exploitation of this vulnerability could allow an authenticated remote attacker to inject commands that are executed on the device with root privileges during device startup.
⚠️ Please note that it is exploitable remotely.
Notably, Siemens products are included in nearly every CISA advisory regarding ICS. As an example, please refer to our news article about the previous advisory.
Industrial Control Systems Advisory for Rapid Software
Rapid Software LLC Rapid SCADA
This advisory covers 7 vulnerabilities, with the most severe one having a CVSS score of 9.6.
An attacker could achieve the following potential result by exploiting these vulnerabilities:
- Reading sensitive files from the Rapid Scada server,
- Writing files to the Rapid Scada directory (thus achieving code execution),
- Gaining access to sensitive systems via legitimate-seeming phishing attacks,
- Connecting to the server and performing attacks using the high privileges of a service,
- Obtaining administrator passwords,
- Learning sensitive information about the internal code of the application,
- Achieving remote code execution.
⚠️ Please note that at least one of the vulnerabilities meets the following conditions: exploitable remotely and low attack complexity.
Industrial Control Systems Advisory for Schneider Electric
Schneider Electric Easergy Studio
This advisory has a single vulnerability with a CVSS score of 7.8, which could allow an attacker to gain full control of a workstation.
⚠️ Please pay attention to the low attack complexity.
Industrial Control Systems Advisory for Horner Automation
Horner Automation Cscape
This advisory has a single vulnerability with a CVSS score of 7.8, which could allow an attacker to execute arbitrary code.
⚠️ Please pay attention to the low attack complexity.