BackBox.org News
  • BackBox.org
  • Linux
  • Community
  • News
  • Services
  • Sitemap
  • Contact
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
Top ICS Vulnerabilities This Week: Siemens, Baxter, and Subnet Solutions

Top ICS Vulnerabilities This Week: Siemens, Baxter, and Subnet Solutions

November 22, 2024/in Company Blogs

ICS Vulnerabilities

This week’s Cyble ICS vulnerability report includes critical vulnerabilities like CVE-2024-39332 in Siemens, CVE-2024-9834 in Baxter Life2000 Ventilation System, and CVE-2024-45490 in Subnet Solutions that need urgent patching.

Overview

Cyble Research & Intelligence Labs (CRIL) has analyzed key Industrial Control System (ICS) vulnerabilities reported by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) for the week spanning November 12–18, 2024. It covers vulnerabilities across products from Siemens, Baxter, Subnet Solutions, and others, urging organizations to prioritize patching to mitigate risks.

This week, 21 ICS security advisories disclosed 129 vulnerabilities affecting multiple vendors.

The healthcare sector remains particularly vulnerable, with Baxter’s Life2000 ventilation systems spotlighted due to their potential to compromise patient safety.

Meanwhile, critical manufacturing continues to dominate in terms of affected infrastructure, accounting for 75.2% of reported vulnerabilities.

The Week’s Top ICS Vulnerabilities

Key vulnerabilities identified in this report include:

  1. CVE-2024-45490 (Subnet Solutions):
    • Product: PowerSYSTEM Center PSC 2020
    • Impacted Versions: v5.22.x and prior
    • Severity: Critical
    • Issue: Improper XML External Entity Reference
    • Impact: Affects SCADA, DCS, and BMS systems

  2. CVE-2024-9834 (Baxter):
    • Product: Life2000 Ventilation System (v06.08.00.00 and prior)
    • Severity: Critical
    • Issue: Cleartext Transmission of Sensitive Information

  3. CVE-2024-39332 (Siemens):
    • Product: SINEC INS
    • Impacted Versions: versions prior to V1.0 SP2 Update 3
    • Severity: Critical
    • Issue: Improper Input Validation

  4. CVE-2024-41153 (Hitachi Energy):
    • Product: TRO600 series firmware
    • Impacted Versions: v9.0.1.0 to 9.2.0.0
    • Severity: High
    • Issue: Command Injection

For the complete list of vulnerabilities and their respective mitigations, subscribe to Cyble’s AI-powered threat intelligence product suite!

Recommendations

To address these vulnerabilities and reduce exploitation risks, CRIL recommends:

  • Patch Management: Organizations should develop and implement a comprehensive patch strategy, including inventory, assessment, testing, and deployment. Leverage automation to enhance efficiency.
  • Network Segmentation: Limit attackers’ lateral movement and exposure by implementing robust segmentation practices.
  • Threat Intelligence Monitoring: Continuously track vulnerabilities listed in CISA’s KEV catalog to detect and mitigate actively exploited issues.
  • Physical Security: Protect devices and networks through physical barriers to deter unauthorized access.
  • Incident Response Planning: Maintain a tested and updated plan to respond effectively to cybersecurity incidents.
  • Staff Training: Regularly educate employees on recognizing phishing attempts, proper authentication practices, and adhering to security protocols.

Conclusion

This week’s ICS vulnerability report showcases the growing threats to critical infrastructure, particularly in manufacturing and healthcare. Organizations must prioritize resilience through prompt patching, enhanced monitoring, and proactive cybersecurity strategies to mitigate the risks posed by these vulnerabilities.

With the ICS landscape continually evolving, staying ahead of threat actors is essential to safeguarding vital operations and ensuring system integrity.

The post Top ICS Vulnerabilities This Week: Siemens, Baxter, and Subnet Solutions appeared first on Cyble.

Blog – Cyble – ​Read More

Share this entry
  • Share on Facebook
  • Share on X
  • Share on WhatsApp
  • Share on LinkedIn
  • Share on Vk
  • Share on Reddit
  • Share by Mail
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png 0 0 https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png 2024-11-22 13:06:352024-11-22 13:06:35Top ICS Vulnerabilities This Week: Siemens, Baxter, and Subnet Solutions
Search Search
Copyright © BackBox.org
  • Link to X
  • Link to Facebook
  • Link to LinkedIn
  • Link to Youtube
  • Link to Telegram
Link to: Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto Link to: Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto Link to: Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack Link to: Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented HackRussian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented...
Scroll to top Scroll to top Scroll to top