The Cybersecurity and Infrastructure Security Agency (CISA) issued two crucial Industrial Control Systems (ICS) advisories, highlighting vulnerabilities that could have serious impacts on critical infrastructure. These ICS advisories, identified as ICSA-25-091-01 and ICSA-24-331-04, are designed to inform organizations about current security threats, vulnerabilities, and necessary mitigations related to ICS products and systems.
Details of the Industrial Control Systems Advisories
The two ICS advisories shared by CISA include vulnerabilities targeting Rockwell Automation Lifecycle Services with Veeam Backup and Replication and itachi Energy MicroSCADA Pro/X SYS600. Here is a quick breakdown of the vulnerabilities and their advisories.
ICSA-25-091-01
The first advisory, ICSA-25-091-01, focuses on a severe vulnerability in Rockwell Automation’s Lifecycle Services integrated with Veeam Backup and Replication. This vulnerability is related to the deserialization of untrusted data (CWE-502), a common type of issue in which attackers can manipulate software to execute malicious code remotely. A CVSS v4 score of 9.4 has been assigned to this flaw, indicating a high risk, as it is remotely exploitable with low attack complexity.
Rockwell Automation’s affected products include the Industrial Data Center (IDC) with Veeam (Generations 1 – 5) and VersaVirtual Appliance (VVA) with Veeam (Series A – C). If successfully exploited, this vulnerability could allow attackers with administrative privileges to execute arbitrary code on affected systems, potentially leading to a complete system compromise.
CISA urges organizations to take immediate defensive measures to mitigate the risk, including:
- Minimizing network exposure for all control systems and ensuring they are not directly accessible from the internet.
- Using secure access methods like Virtual Private Networks (VPNs) when remote access is necessary.
- Keeping VPNs up to date to prevent vulnerabilities from being exploited.
Rockwell Automation is actively working with CISA to notify affected customers, especially those with an active Infrastructure Managed Service contract, and provide them with guidance on patching and remediation.
ICSA-24-331-04
The second advisory, ICSA-24-331-04, addresses a series of vulnerabilities in Hitachi Energy’s MicroSCADA Pro/X SYS600 system, an essential part of critical infrastructure in manufacturing and energy sectors. This advisory outlines multiple flaws, including issues such as improper neutralization of special elements in data query logic, path traversal vulnerabilities, and session hijacking possibilities through authentication bypass.
The most severe vulnerability, CVE-2024-4872, has been assigned a CVSS v3 score of 9.9, highlighting its critical nature. This flaw allows authenticated attackers to inject malicious code into the system, potentially compromising the integrity of persistent data and allowing unauthorized access to sensitive functions. Other issues, such as improper limitations on file paths (CVE-2024-3980), could allow attackers to manipulate files essential to the system’s operation, leading to further compromise.
As with the Rockwell Automation advisory, CISA urges users to implement mitigations immediately to reduce the risks. Hitachi Energy has released patches for the affected versions, including a critical update to Version 10.6 for MicroSCADA Pro/X SYS600. Users are also advised to apply necessary workarounds and stay updated with security patches to protect against exploitation.
