CISA has issued six advisories highlighting vulnerabilities in various industrial control systems. The advisories cover:
- Rockwell Automation’s RSLogix 5 and RSLogix 500 software, which are widely used for programming and configuring industrial automation systems.
- IDEC PLCs, which are programmable logic controllers used in various industrial applications.
- IDEC CORPORATION WindLDR and WindO/I-NV4, software tools for configuring and programming IDEC PLCs.
- MegaSys Computer Technologies Telenium Online Web Application, a web-based application for managing industrial processes.
- Kastle Systems Access Control System, which manages physical security and access in facilities.
- Treck TCP/IP (Update I), which affects communication protocols used in industrial devices.
These advisories underscore the critical vulnerabilities within these systems, emphasizing the need for organizations to assess and mitigate potential risks to ensure the security and reliability of their industrial operations.
Rockwell Automation’s RSLogix 5 and RSLogix 500 software
Rockwell Automation’s RSLogix 5 and RSLogix 500 software are vulnerable due to insufficient verification of data authenticity, identified as CVE-2024-7847. With a CVSS v4 score of 8.8, this high-severity vulnerability is locally exploitable with high attack complexity.
It allows attackers to embed malicious VBA scripts in project files that can execute automatically when opened, enabling remote code execution. All versions of RSLogix 500, RSLogix Micro Developer and Starter, and RSLogix 5 are affected, requiring urgent action to prevent exploitation.
IDEC PLCs
IDEC Corporation’s PLCs have vulnerabilities related to cleartext transmission and predictable identifiers. With a CVSS v3 score of 5.3, these pose moderate risk and low attack complexity, allowing for potential unauthorized access.
Affected products include FC6A and FC6B Series MICROSmart All-in-One and CPU modules (versions 2.60 and prior) and FT1A Series SmartAXIS Pro/Lite (versions 2.41 and prior). CVE-2024-41927 addresses the cleartext issue, while CVE-2024-28957 concerns predictable identifiers, requiring prompt action.
IDEC CORPORATION WindLDR and WindO/I-NV4
IDEC Corporation’s WindLDR and WindO/I-NV4 software are vulnerable due to cleartext storage of sensitive information, identified as CVE-2024-41716. With a CVSS v3 score of 5.9, this moderate-risk vulnerability is remotely exploitable, allowing attackers to potentially access sensitive user authentication data.
Affected versions include WindLDR version 9.1.0 and earlier, and WindO/I-NV4 version 3.0.1 and earlier. This vulnerability, categorized under CWE-312, underscores the need to address cleartext storage to protect sensitive data from unauthorized access and exploitation.
MegaSys Computer Technologies Telenium Online Web Application
MegaSys Computer Technologies’ Telenium Online Web Application has a critical vulnerability (CVE-2024-6404) due to improper input validation, with a CVSS v4 score of 9.3. This remotely exploitable flaw allows arbitrary Perl code injection, risking remote code execution. Affected versions include 8.3 and earlier, highlighting the need for stronger input validation.
Kastle Systems Access Control System
Kastle Systems’ Access Control System has vulnerabilities due to hard-coded credentials (CVE-2024-45861) and cleartext storage of sensitive information (CVE-2024-45862).
With a CVSS v4 score of 9.2, these highly severe issues are remotely exploitable with low attack complexity, affecting firmware versions before May 1, 2024. Hard-coded credentials (CWE-798) can allow unauthorized access, while cleartext storage (CWE-312) further exposes data. These vulnerabilities underscore the urgent need for secure credential management and data protection in access control systems.
Treck TCP/IP (Update I)
Ripple20 vulnerabilities are critical security flaws found in the Treck TCP/IP stack, which is used in many devices and industries. These flaws can lead to remote code execution, data breaches, and other serious consequences.
Here is a summary of each vulnerability by CVE identifier:
- CVE-2020-11896: This flaw affects the IPv4/UDP component and involves improper handling of length parameters, allowing remote code execution. It has a CVSS v3 score of 10.0, indicating critical severity.
- CVE-2020-11897: Similar to the previous CVE, this flaw affects the IPv6 component and may cause out-of-bounds writes, also with a CVSS v3 score of 10.0.
- CVE-2020-11898: This vulnerability affects the IPv4/ICMPv4 component, leading to out-of-bounds reads, with a CVSS v3 score of 9.1.
- CVE-2020-11899: Found in the IPv6 component, this flaw allows out-of-bounds reads and potential denial of service attacks, scoring 5.4 on the CVSS v3.
- CVE-2020-11900: This issue in the IPv4 tunneling component can cause use-after-free conditions, with a CVSS v3 score of 8.2.
- CVE-2020-11901: Affects the DNS resolver component, enabling remote code execution, with a CVSS v3 score of 9.0.
- CVE-2020-11902: This vulnerability in IPv6 over IPv4 tunneling allows out-of-bounds reads, scoring 7.3 on the CVSS v3.
- CVE-2020-11903: Found in the DHCP component, it may expose sensitive information, with a CVSS v3 score of 5.3.
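As an added illustration of the length-parameter handling that the CVE-2020-11896 entry above describes, the following C function checks that the IPv4 total-length field and the UDP length field it encloses agree with each other and with the bytes actually received before any payload is used. This is example code written for this summary, not Treck's stack or anything from the advisory; `validate_ipv4_udp`, `build_sample` and the 32-byte sample frame are hypothetical constructions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum pkt_status { PKT_OK = 0, PKT_TRUNCATED, PKT_BAD_IP_LEN, PKT_NOT_UDP, PKT_BAD_UDP_LEN };
/* Check that the IPv4 total-length and UDP length fields agree with each other
 * and with the bytes actually received before any payload is touched.
 * On PKT_OK, *payload/*payload_len describe the UDP payload. */
enum pkt_status validate_ipv4_udp(const uint8_t *buf, size_t buf_len,
                                  const uint8_t **payload, size_t *payload_len)
{
    size_t ihl, total_len, udp_len;
    if (buf_len < 20 || (buf[0] >> 4) != 4) return PKT_TRUNCATED;
    ihl = (size_t)(buf[0] & 0x0F) * 4;            /* IPv4 header length */
    total_len = ((size_t)buf[2] << 8) | buf[3];   /* IPv4 total length */
    /* Header must be sane, leave room for UDP, and not exceed the buffer. */
    if (ihl < 20 || total_len < ihl + 8 || total_len > buf_len) return PKT_BAD_IP_LEN;
    if (buf[9] != 17) return PKT_NOT_UDP;
    udp_len = ((size_t)buf[ihl + 4] << 8) | buf[ihl + 5]; /* UDP hdr + payload */
    /* UDP length is attacker-controlled too: it must cover its own header and
     * fit inside the IP payload, or a later copy would run past the end. */
    if (udp_len < 8 || udp_len > total_len - ihl) return PKT_BAD_UDP_LEN;
    *payload = buf + ihl + 8;
    *payload_len = udp_len - 8;
    return PKT_OK;
}

/* Constructed 32-byte frame (20-byte IP header, 8-byte UDP header, 4-byte
 * payload) with caller-chosen length fields so inconsistent frames can be built. */
void build_sample(uint8_t out[32], uint16_t ip_total_len, uint16_t udp_len)
{
    memset(out, 0, 32);
    out[0] = 0x45; out[8] = 64; out[9] = 17;        /* IPv4, IHL 5, TTL, UDP */
    out[2] = (uint8_t)(ip_total_len >> 8); out[3] = (uint8_t)ip_total_len;
    memcpy(out + 12, "\xc0\xa8\x01\x0a\xc0\xa8\x01\x14", 8); /* 192.168.1.10 -> .20 */
    out[22] = 0x30; out[23] = 0x39;                 /* destination port 12345 */
    out[24] = (uint8_t)(udp_len >> 8); out[25] = (uint8_t)udp_len;
    memcpy(out + 28, "ping", 4);                    /* checksums left zero */
}

int main(void)
{
    uint8_t pkt[32]; const uint8_t *p; size_t n;
    build_sample(pkt, 32, 12);   /* consistent lengths: expect PKT_OK (0) */
    printf("consistent: %d\n", validate_ipv4_udp(pkt, sizeof pkt, &p, &n));
    build_sample(pkt, 32, 200);  /* UDP length overstated: expect PKT_BAD_UDP_LEN (4) */
    printf("overstated: %d\n", validate_ipv4_udp(pkt, sizeof pkt, &p, &n));
    return 0;
}
```

A stack that trusts either length field without this cross-check will copy or index past the received data, which is the class of defect behind the out-of-bounds entries listed above.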
To mitigate these vulnerabilities, organizations should take several key steps:
- Update Systems: Ensure all devices and software are updated with the latest patches provided by manufacturers. This helps close any security gaps and reduces the risk of exploitation.
- Implement Network Segmentation: Divide the network into smaller, isolated segments. This limits the potential impact of a breach, as attackers would have a harder time moving through the network.
- Monitor Network Traffic: Regularly monitor network traffic for any unusual activities or patterns. This can help detect potential threats early, allowing organizations to respond quickly to any suspicious behavior.
By following these steps, organizations can better protect their systems and sensitive data from attacks.