Cyble Research & Intelligence Labs (CRIL) has released a new report focusing on critical Industrial Control System (ICS) vulnerabilities, with insights derived from recent advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA).
The report highlights key flaws in several prominent ICS products, urging immediate action to mitigate potential risks that could have devastating consequences for organizations dependent on these systems.
During the reporting period, CISA issued four security advisories that address vulnerabilities in various ICS products used across industries such as manufacturing, energy, transportation, and utilities. The affected systems include those from renowned vendors like ICONICS, Mitsubishi Electric, VIMESA, iniNet Solutions, and Deep Sea Electronics.
The vulnerabilities identified range from path traversal issues to improper access control and even authentication flaws, all of which pose online risks to the integrity and confidentiality of ICS networks.
The report also highlights a particularly concerning vulnerability in SpiderControl SCADA, as well as a configuration disclosure issue in the Deep Sea Electronics DSE855, which could enable unauthorized access to sensitive data and credentials.
Detailed Breakdown of Key ICS Vulnerabilities
The CRIL analysis has identified several high-priority vulnerabilities that organizations need to address immediately to protect their ICS environments from exploitation. These vulnerabilities range in severity but all require prompt action to mitigate potential risks.
One of the most critical vulnerabilities is CVE-2024-7587, which affects the ICONICS Suite, including products such as GENESIS64 and Hyper Historian. This vulnerability stems from incorrect default permissions, which can lead to unauthorized access to key control systems like SCADA (Supervisory Control and Data Acquisition), DCS (Distributed Control Systems), and BMS (Building Management Systems).
Unauthorized access to these critical systems poses a serious threat to operational safety and security. ICONICS has already released a patch to resolve this vulnerability, and it is strongly recommended that organizations using affected products update their systems immediately to avoid potential exploitation.
Another vulnerability is CVE-2024-9692, which impacts the VIMESA Blue Plus Transmitter. This vulnerability is categorized as medium severity and involves improper access control, affecting communication units and transmitters used in industrial environments. If left unaddressed, this flaw could allow attackers to gain unauthorized access to vital communication infrastructure. Fortunately, a patch is available, and organizations are advised to apply it without delay to mitigate the risk.
A high-severity vulnerability is also present in the SpiderControl HMI Editor from iniNet Solutions. This vulnerability, identified as CVE-2024-10313, is a path traversal issue, which allows attackers to access files and directories outside of their intended scope. This could expose sensitive configuration files and system data, making it a significant threat to the integrity of the system. A patch has been released to address this flaw, and it is critical that organizations implement the fix as soon as possible to protect their systems from unauthorized access and potential data breaches.
Lastly, CVE-2024-5947 affects the DSE855 unit from Deep Sea Electronics. This vulnerability arises from missing authentication controls and primarily impacts communication units and transmitters. Attackers could bypass authentication and gain unauthorized access to sensitive system settings, which could compromise the security and functionality of the system. Deep Sea Electronics has issued a patch to correct this vulnerability, and it is recommended that organizations apply the patch immediately to prevent exploitation.
The vulnerabilities identified in this week’s report fall into medium and high severity categories, with all requiring urgent attention. The risks associated with these ICS vulnerabilities are significant, as they could be exploited by attackers to disrupt operations, steal sensitive data, or even gain control of critical infrastructure. This highlights the importance of addressing these vulnerabilities promptly to safeguard operational technology (OT) systems and ensure continuity of critical services.
Conclusion
To effectively address the identified ICS vulnerabilities and prevent exploitation, organizations must adopt a proactive cybersecurity strategy. Timely patch deployment is crucial. Staying informed about security advisories from vendors and regulatory bodies, and quickly applying patches for vulnerabilities like CVE-2024-7587 and CVE-2024-9692, can significantly reduce the risk of exploitation.
Organizations should also actively monitor CISA’s Known Exploited Vulnerabilities (KEV) Catalog to identify vulnerabilities being actively exploited and take swift action. Network segmentation is vital to protect critical ICS assets, and regularly conducting vulnerability assessments and penetration testing will help identify weaknesses before attackers can exploit them. Implementing strong physical security controls will prevent unauthorized access to ICS devices and networks.
An updated incident response plan is essential, outlining procedures for detecting and recovering from security incidents. Ongoing cybersecurity training for employees, especially those working with OT systems, is necessary to reduce human errors and maintain a strong security posture.
