
CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics

High and severe vulnerabilities in ICS products from Rockwell Automation and Delta Electronics are the latest examples of the unique security risks posed by ICS devices and networks.

Key Takeaways 

  • CISA Alert: CISA warns of critical ICS vulnerabilities in Rockwell Automation and Delta Electronics products. 
  • ThinManager ThinServer: Flaws in Rockwell Automation’s ThinManager ThinServer (versions 11.1.0 to 13.2.1) could allow system-level code execution. Affected sector: Manufacturing. 
  • Delta DTN Soft: Vulnerability in Delta’s DTN Soft (version 2.0.1 and prior) enables remote code execution. Update to version 2.1. Affected sector: Energy. 
  • FactoryTalk View SE: A flaw in Rockwell Automation’s FactoryTalk View SE 13.0 allows unauthorized file modifications. Affected sectors: Chemical, Energy, and others. 
  • Mitigation: CISA advises minimizing ICS exposure, securing remote access, updating software, and implementing layered security measures. 

Overview 

On August 29, the Cybersecurity and Infrastructure Security Agency (CISA) released three advisories to warn users and administrators of several critical vulnerabilities affecting industrial control systems (ICS) from prominent vendors. 

  • Advisory ICSA-24-242-01 addresses vulnerabilities in Rockwell Automation ThinManager ThinServer. 
  • ICSA-24-242-02 covers a vulnerability in Delta Electronics DTN Soft. 
  • ICSA-24-226-06 advises users about a vulnerability in Rockwell Automation FactoryTalk View Site Edition (Update A). 

Cyble’s ICS vulnerabilities report last week looked at additional vulnerabilities in Rockwell and other ICS products, plus general recommendations for controlling risk in ICS networks. 

Rockwell Automation ThinManager ThinServer Vulnerabilities 

The first set of vulnerabilities, disclosed in ICSA-24-242-01, affects multiple versions of Rockwell Automation’s ThinManager ThinServer software, a client management tool. The flaws, which include improper privilege management, incorrect permission assignment, and improper input validation, could allow attackers to read arbitrary files and execute code with system-level privileges. 

The affected versions of ThinManager ThinServer range from 11.1.0 to 13.2.1. CISA has assigned three CVE identifiers to these flaws: CVE-2024-7986, CVE-2024-7987, and CVE-2024-7988. The CVSS v4 scores for these vulnerabilities range from 6.8 to 9.3, indicating a high-to-critical level of risk. 

Critical Infrastructure Sector Impacted: Manufacturing. 

Delta Electronics DTN Soft Vulnerability 

The second advisory, ICSA-24-242-02, focuses on a vulnerability in Delta Electronics’ DTN Soft temperature control software. The flaw, a deserialization of untrusted data issue (CWE-502), could allow an attacker to achieve remote code execution. 


The vulnerability affects DTN Soft version 2.0.1 and prior. CISA has assigned CVE-2024-8255 to this flaw, with a CVSS v4 score of 8.4. 

Delta Electronics recommends updating to the latest version, 2.1, to mitigate this vulnerability. 

Critical Infrastructure Sector Impacted: Energy. 

Rockwell Automation FactoryTalk View Site Edition Vulnerability 

The third advisory, ICSA-24-226-06, covers a vulnerability in Rockwell Automation’s FactoryTalk View Site Edition, an HMI application. The flaw, an incorrect permission assignment for a critical resource (CWE-732), could allow any user to edit or replace files executed with elevated permissions. 

The affected version is FactoryTalk View SE 13.0. CISA has assigned CVE-2024-7513 to this vulnerability, with a CVSS v4 score of 8.5. 

Rockwell Automation recommends updating to a newer version of FactoryTalk to mitigate this vulnerability. 

Critical Infrastructure Sector Impacted: Chemical; Commercial Facilities; Energy; Government Facilities; Manufacturing; Water and Wastewater Systems. 
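The first practical step after reading these three advisories is to find out which assets fall inside the stated affected-version ranges. The following Python triage script is an added example (not code from CISA, Cyble or either vendor): it encodes the ranges exactly as given above and checks a constructed sample inventory against them. The hostnames and inventory records are made up, and the product-name substring matching and zero-padding of short version strings (so that "13.0" compares as 13.0.0) are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

def parse_version(text: str) -> Tuple[int, ...]:
    """'13.2.1' -> (13, 2, 1); shorter strings are zero-padded so '13.0' == (13, 0, 0)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str             # matched as a case-insensitive substring of the inventory name
    low: Optional[str]       # inclusive lower bound; None means every earlier version
    high: str                # inclusive upper bound
    cves: Tuple[str, ...]
    fixed_in: Optional[str]  # only where the page names a fixed version

# Ranges exactly as stated in the advisories summarised on this page.
ADVISORIES = (
    Advisory("ICSA-24-242-01", "ThinManager ThinServer", "11.1.0", "13.2.1",
             ("CVE-2024-7986", "CVE-2024-7987", "CVE-2024-7988"), None),
    Advisory("ICSA-24-242-02", "DTN Soft", None, "2.0.1", ("CVE-2024-8255",), "2.1"),
    # The page lists 13.0 only, so 13.0.x patch levels are deliberately not matched.
    Advisory("ICSA-24-226-06", "FactoryTalk View SE", "13.0", "13.0", ("CVE-2024-7513",), None),
)

def affected_by(product: str, version: str) -> List[Advisory]:
    """Return every advisory whose product name and version range cover this install."""
    v = parse_version(version)
    return [adv for adv in ADVISORIES
            if adv.product.lower() in product.lower()
            and (adv.low is None or parse_version(adv.low) <= v)
            and v <= parse_version(adv.high)]

# Constructed sample inventory (hostname, product, version); these are not real hosts.
INVENTORY = [
    ("hmi-line1", "Rockwell Automation ThinManager ThinServer", "12.0.0"),
    ("hmi-line2", "Rockwell Automation ThinManager ThinServer", "13.2.2"),
    ("temp-ctl", "Delta Electronics DTN Soft", "2.0.1"),
    ("scada-01", "Rockwell Automation FactoryTalk View SE", "13.0"),
    ("scada-02", "Rockwell Automation FactoryTalk View SE", "12.0"),
]

def triage(inventory) -> dict:
    """Map each affected hostname to the advisory ids that apply to it."""
    return {host: [a.advisory_id for a in affected_by(prod, ver)]
            for host, prod, ver in inventory if affected_by(prod, ver)}

# -> {'hmi-line1': ['ICSA-24-242-01'], 'temp-ctl': ['ICSA-24-242-02'], 'scada-01': ['ICSA-24-226-06']}
FINDINGS = triage(INVENTORY)
```

Hosts on ThinManager 13.2.2 or FactoryTalk View SE 12.0 fall outside the stated ranges and are not flagged; the `fixed_in` field is populated only for DTN Soft, where the page names version 2.1.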

CISA Mitigation Advice 

Based on the CISA advisories for the three industrial control system (ICS) vulnerabilities, the following general recommendations and mitigations are provided: 

1. Minimize Network Exposure: 

* Ensure that ICS devices and systems are not accessible from the internet. 
* Limit access to ICS devices and systems to only those who need it. 
* Use firewalls and other network segmentation techniques to isolate ICS networks from business networks. 

2. Implement Secure Remote Access Methods: 

* Use Virtual Private Networks (VPNs) to establish secure remote connections. 
* Regularly update VPN software and configurations to ensure they are secure. 
* Consider using other secure remote access methods, such as SSH or HTTPS. 

3. Perform Regular Software Updates: 

* Regularly update ICS software to the latest versions to ensure you have the latest security patches and fixes. 
* Use automated update mechanisms and monitoring to stay up-to-date. 

4. Implement Security Best Practices: 

* Use strong passwords and password policies to prevent unauthorized access. 
* Implement access controls, such as role-based access control (RBAC) and least privilege access. 
* Regularly audit and monitor ICS systems for suspicious activity. 

5. Perform Impact Analysis and Risk Assessment: 

* Regularly assess the potential impact of security incidents on your ICS systems. 
* Develop and implement incident response plans to mitigate the effects of a security incident. 

6. Use Secure Protocols and Communications: 

* Use secure communication protocols, such as HTTPS and SSH, to protect data in transit. 
* Regularly update and patch communication protocols to ensure they are secure. 

7. Implement Defense-in-Depth Strategies: 

* Implement multiple layers of security controls to prevent and detect security incidents. 
* Use a combination of technical and procedural controls to protect ICS systems. 

8. Monitor for Suspicious Activity: 

* Regularly monitor ICS systems and networks for suspicious activity. 
* Implement intrusion detection and prevention systems to detect and prevent security incidents. 
