A recent Cyble ICS vulnerabilities report sheds light on several critical vulnerabilities in industrial control systems (ICS) from major vendors including Schneider Electric, mySCADA, and Automated Logic.
These vulnerabilities, some of which are categorized as high risk, expose systems in critical sectors such as manufacturing, energy, and communications to serious threats. Organizations are being urged to take immediate action to patch the flaws, with guidance provided by the Cybersecurity and Infrastructure Security Agency (CISA).
The report, compiled by Cyble Research and Intelligence Labs (CRIL), identifies vulnerabilities that could allow attackers to breach sensitive systems and disrupt critical operations. CISA issued advisories for a total of 15 vulnerabilities across various ICS products.
Top ICS Vulnerabilities This Week
Among the most concerning vulnerabilities identified are CVE-2024-10575, CVE-2024-47407, and CVE-2024-8525. These flaws affect critical infrastructure, including SCADA and building automation systems.
CVE-2024-10575 (Schneider Electric EcoStruxure IT Gateway)
- Severity: Critical
- Issue: Missing Authorization
- Impact: Attackers could gain unauthorized access to critical systems, leading to potential data breaches and operational disruptions.
CVE-2024-47407 (mySCADA myPRO Manager/Runtime)
- Severity: Critical
- Issue: OS Command Injection
- Impact: This flaw allows attackers to remotely execute arbitrary commands, compromising SCADA and Human-Machine Interface (HMI) systems.
CVE-2024-8525 (Automated Logic WebCTRL Server v7.0)
- Severity: Critical
- Issue: Unrestricted File Upload
- Impact: This vulnerability allows attackers to upload malicious files to building automation systems, potentially compromising the integrity of these systems.
In addition to these critical flaws, the report also identifies CVE-2024-8933 in Schneider Electric’s Modicon M340, MC80, and Momentum systems, which involves message integrity bypass. Additionally, CVE-2024-50054 in mySCADA’s myPRO Manager/Runtime involves a path traversal issue, which could lead to unauthorized file access.
Vendor Breakdown and Industry Impact
Schneider Electric accounted for 50% of the reported vulnerabilities, primarily affecting industrial automation and energy management systems. mySCADA contributed 33% of the vulnerabilities, affecting SCADA and HMI systems. Automated Logic and CODESYS GmbH represented 17%, with flaws impacting building automation and PLC software.
These vulnerabilities have wide-ranging consequences for the critical infrastructure sectors, especially in manufacturing, energy, and communications, which together accounted for the majority of the reported issues.
Conclusion
CISA plays a vital role in identifying and addressing ICS vulnerabilities, offering advisories to help organizations mitigate risks. To enhance ICS security, organizations should monitor alerts, adopt zero-trust architectures, segment networks, and implement strong patch management strategies.
Regular vulnerability assessments, secure access protocols, and incident response plans are essential for quick recovery from potential attacks. Additionally, ongoing employee training on cybersecurity best practices is crucial. The recent vulnerabilities in Schneider Electric, mySCADA, and Automated Logic emphasize the need for timely patching and proactive security measures to protect critical infrastructure from evolving cyber threats.
