ICS Vulnerability Intelligence Report: Key Insights and Recommendations
Overview
Cyble Research & Intelligence Labs (CRIL) investigated key ICS vulnerabilities this week, drawing on advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA) that cover multiple flaws in several ICS products.
During this reporting period, CISA issued four security advisories covering vulnerabilities across various Industrial Control Systems, including those from ICONICS, Mitsubishi Electric, VIMESA, iniNet Solutions, and Deep Sea Electronics. These advisories pinpoint ICS vulnerabilities that security teams should prioritize for immediate patching to mitigate potential risks.
The recent vulnerability assessment has revealed a high-severity path traversal vulnerability in SpiderControl SCADA. The Deep Sea Electronics DSE855 has also been identified as susceptible to a configuration disclosure vulnerability. This issue enables unauthorized access to stored credentials via an HTTP GET request directed at the Backup.bin file.
ICS Vulnerabilities Overview
The Cyble Research & Intelligence Labs (CRIL) analysis details several critical vulnerabilities, providing essential information to help organizations prioritize their mitigation efforts. The following vulnerabilities were identified as the most important to watch for and, where systems are affected, to patch immediately:
- CVE-2024-7587: This vulnerability affects the ICONICS Suite, including products like GENESIS64 and Hyper Historian. It is categorized as an incorrect default permissions issue and poses a high-severity risk to control systems such as DCS, SCADA, and BMS. A patch is available for this vulnerability.
- CVE-2024-9692: This vulnerability relates to the Blue Plus Transmitter from VIMESA. It involves improper access control and is rated as medium severity, impacting communication units and transmitters. A link to the patch is provided for this issue as well.
- CVE-2024-10313: This is a path traversal vulnerability in the SpiderControl HMI Editor from iniNet Solutions. It is also classified as high severity and affects human-machine interface systems. A corresponding patch is available.
- CVE-2024-5947: This vulnerability affects the DSE855 from Deep Sea Electronics. It is a medium-severity vulnerability characterized by missing authentication, affecting communication units and transmitters. A patch link is available for users to address this vulnerability.
The severity overview shows that all disclosed vulnerabilities fall into the medium and high severity categories, and all of them need urgent attention.
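The DSE855 issue described above is reached through an HTTP GET request for the Backup.bin file, so web access logs are a practical place to look for it. The following added example (not from the Cyble report or the vendor) scans access-log lines for such requests; the Common Log Format input, the function name find_backup_requests, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format, as a reverse proxy or network
# sensor in front of a DSE855 might record them (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2024:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [12/Nov/2024:08:15:40 +0000] "GET /Backup.bin HTTP/1.1" 200 20480
198.51.100.7 - - [12/Nov/2024:08:15:44 +0000] "GET /%42ackup.bin?x=1 HTTP/1.1" 200 20480
203.0.113.5 - - [12/Nov/2024:09:01:11 +0000] "GET /backup.BIN HTTP/1.1" 403 0
192.0.2.10 - - [12/Nov/2024:09:05:00 +0000] "POST /Backup.bin HTTP/1.1" 405 0
192.0.2.10 - - [12/Nov/2024:09:06:00 +0000] "GET /docs/Backup.bin.txt HTTP/1.1" 404 0
"""

CLF = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_backup_requests(log_text):
    """Return GET requests whose decoded path ends in the file name Backup.bin."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m or m["method"] != "GET":
            continue
        # Drop the query string, undo percent-encoding, compare case-insensitively
        # so encoded or re-cased variants of the file name are not missed.
        path = unquote(urlsplit(m["target"]).path)
        if path.rsplit("/", 1)[-1].lower() != "backup.bin":
            continue
        status = int(m["status"])
        hits.append({
            "src": m["src"],
            "time": m["ts"],
            "status": status,
            # A 2xx answer means the configuration file was actually served.
            "disclosed": 200 <= status < 300,
        })
    return hits

if __name__ == "__main__":
    for hit in find_backup_requests(SAMPLE_LOG):
        label = "CONFIG SERVED" if hit["disclosed"] else "attempt"
        print(f'{hit["time"]} {hit["src"]} status={hit["status"]} {label}')
```

A hit marked as served means the stored credentials in that backup should be treated as exposed and rotated after patching.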
Recommendations and Mitigations
To effectively address the identified vulnerabilities and strengthen defenses, organizations should consider the following best practices:
- Staying informed about security/patch advisories from vendors and regulatory bodies is crucial for timely updates.
- Organizations should implement a risk-based vulnerability management strategy to minimize the potential for exploitation.
- Threat intelligence analysts should actively monitor critical vulnerabilities published in CISA’s Known Exploited Vulnerabilities (KEV) catalog, especially those that are being actively exploited in the wild.
- Effective network segmentation can prevent attackers from conducting reconnaissance and lateral movement, thereby reducing the exposure of critical assets.
- Frequent vulnerability assessments and penetration testing are essential for identifying and rectifying security weaknesses.
- Implement physical barriers to prevent unauthorized access to devices and networks.
- An effective incident response plan outlines procedures for detecting, responding to, and recovering from security incidents. Regular testing and updates ensure its relevance to current threats.
- Ongoing cybersecurity training for all employees, particularly those with access to OT systems, is crucial. Training should cover recognizing phishing attempts, proper authentication practices, and adherence to security protocols.
Conclusion
The vulnerabilities identified in this ICS vulnerability intelligence report call for organizations to urgently prioritize appropriate cybersecurity measures. With threats continuously evolving and exploits discussed in underground forums, staying vigilant and proactive is essential.
Implementing the recommendations outlined above will help organizations protect their critical infrastructure and maintain system integrity, ultimately reducing the risk of potential exploitation of ICS vulnerabilities.
The post ICS Vulnerability Intelligence Report: Key Insights and Recommendations appeared first on Cyble.