Patch These 15 Industrial Control Systems Vulnerabilities, Urges CISA ICS Advisory

Organizations must immediately patch 15 industrial control systems vulnerabilities, warned the latest CISA ICS advisory.

The Cybersecurity and Infrastructure Security Agency of America (CISA) released fifteen Industrial Control Systems (ICS) advisories with information on their respective updates.

Vulnerabilities in vendor products including Siemens, Teltonika, Rockwell Automation, and BirdDog were noted in the CISA ICS advisory.

Failing to patch these 15 vulnerabilities listed in the latest CISA ICS advisory may allow threat actors disrupt critical services, warned the agency.

The other vendors addressed in the CISA ICS advisory were SDG Technologies and PTC.

Vulnerabilities addressed in the CISA ICS advisory

Of all the 15 industrial control systems products patched as noted in the CISA advisory, 6 were for Siemens.

In case updates are not installed, it can expose networks to hackers and allow them to disrupt critical infrastructure and functions.

Here are the details of the vulnerabilities, vendors, CVSS score, and possible exploitations:

1. ICSA-23-131-01 Siemens Solid Edge – CVSS – 7.8 – Run arbitrary code or crash the application.
2. ICSA-23-131-02 Siemens SCALANCE W1750D – CVSS – 8.4 – Stealing user session.
3. ICSA-23-131-03 Siemens Siveillance – CVSS – 9.9 – Remote code execution.
4. ICSA-23-131-04 Siemens SIMATIC Cloud Connect 7 – CVSS – 7.2 – Remote code execution.
5. ICSA-23-131-05 Siemens SINEC NMS Third-Party – CVSS – 9.8 – Cleartext access of sensitive data, use after free, expected behavior violation, etc.
6. ICSA-23-131-06 Siemens SCALANCE LPE9403 – CVSS – 9.9 – Access to root, launch DoS attack, creating files, command injection, path traversal, among others.
7. ICSA-23-131-07 Sierra Wireless AirVantage – CVSS – 8.1 – Access to sensitive data through improper authentication.
8. ICSA-23-131-08 Teltonika Remote Management System and RUT Model Routers – CVSS – 10 – Remote code execution, expose connected systems, impersonation of devices, improper authentication, server-side request forgery, OS command injection, etc.
9. ICSA-23-131-09 Rockwell Automation Kinetix 5500 EtherNetIP Servo Drive – CVSS – 9.4 – Launch DoS attack, and unauthorized access.
10. ICSA-23-131-10 Rockwell Automation Arena Simulation Software – CVSS – 7.8 – Run arbitrary code using memory buffer overflow.
11. ICSA-23-131-11 BirdDog Cameras & Encoders – CVSS – 8.4 – Remote code execution, and gaining unauthorized access.
12. ICSA-23-131-12 SDG PnPSCADA – CVSS – 9.8 – Access to databases, and SQL injection.
13. ICSA-23-131-13 PTC Vuforia Studio – CVSS – 8.0 – Viewing credentials, path traversal, improper authentication, cross-site request forgery, among others.
14. ICSA-23-131-14 Rockwell PanelView 800 – CVSS – 9.8 – Remote code execution, and out-of-bounds read and write.
15. ICSA-23-131-15 Rockwell ThinManager – CVSS – 7.5 – Decrypt traffic, and unauthorized access.

Patch details about the vulnerabilities in the CISA ICS advisory

The CISA ICS advisory released on May 11, 2023, also contained patch details that vendors and clients are urged to install or make sure are auto updated.

The CISA ICS advisory noted that the agency will only post the initial advisory for the Munich-based industrial manufacturing giant Siemens.

“As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory,” the CISA ICS advisory said.

CISA ICS advisory and the crucial industrial control systems

ICS can be found everywhere, from automated machines in manufacturing to cooling systems in office buildings. In the past, these systems were based on specific operating systems and communication protocols.

A successful attack on ICS can cause substantial financial losses, intellectual property theft, and health and safety risks.

“Threat actors have different motives when choosing an enterprise to target. When carrying out attacks, these threat actors are often motivated by financial gain, political cause, or even a military objective,” said a Trend Micro advisory.

“Attacks may be state-sponsored or they could also come from competitors, insiders with a malicious goal, and even hacktivists.”

The first stage of an attack against ICS usually involves reconnaissance that allows the attacker to survey the environment, noted the Trend Micro report.

The next step would be to employ different tactics that will help attackers gain a foothold in the target network. The strategies and tactics at this point are highly similar to a targeted attack.

The vulnerabilities in ICS systems vary from inadequate security architecture and design to unsecure remote access of ICS components, unsecure industry-wide ICS protocols, and lack of administrative mechanisms for security enforcement.

The complexity of launching an attack on ICS depends on different factors, from the security of the system to the intended impact.