
Weekly ICS Vulnerability Intelligence Report: Rockwell Automation, Delta Electronics, Solar-Log

The most notable is a Cross-Site Scripting (XSS) flaw in Solar-Log Base 15, a widely used photovoltaic energy management product, which poses heightened risks due to internet-facing deployments identified by Cyble’s ODIN scanner.

Overview

Cyble Research & Intelligence Labs (CRIL) has investigated significant ICS vulnerabilities this week, providing essential insights derived from advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA). This week’s report highlights multiple vulnerabilities across critical ICS products, with specific focus on those from Rockwell Automation, Delta Electronics, and Solar-Log.

CISA released three security advisories addressing four ICS vulnerabilities across these products, underscoring the urgent need for mitigation.

Among the most notable is a Cross-Site Scripting (XSS) flaw in Solar-Log Base 15, a widely used photovoltaic energy management product, which poses heightened risks due to internet-facing deployments identified by Cyble’s ODIN scanner.

ICS Vulnerabilities Overview

CRIL has pinpointed the following critical ICS vulnerabilities requiring immediate action:

  • CVE-2023-46344: Solar-Log Base 15
    • Type: Cross-Site Scripting (XSS)
    • Severity: Medium
    • Description: This vulnerability allows unauthorized access through internet-facing instances, enabling attackers to potentially compromise device security and functionality. Cyble’s ODIN scanner identified a significant number of Solar-Log Base 15 devices deployed in Germany, emphasizing the need for prompt patching.
    • Patch available here.
  • CVE-2024-10456: Delta Electronics InfraSuite Device Master
    • Type: Deserialization of Untrusted Data
    • Severity: Critical
    • Description: The Delta InfraSuite Device Master vulnerability allows critical systems to process untrusted data, which could lead to unauthorized access or system manipulation. This vulnerability impacts essential operational systems, necessitating immediate patching.
    • Patch available here.
  • CVE-2024-10386: Rockwell Automation ThinManager
    • Type: Missing Authentication for Critical Function
    • Severity: Critical
    • Description: Rockwell Automation’s ThinManager vulnerability allows unauthorized users to access sensitive systems without proper authentication, potentially exposing operational systems to attacks. This flaw requires urgent attention due to its impact on operational continuity.
    • Patch available here.
  • CVE-2024-10387: Rockwell Automation ThinManager
    • Type: Out-of-Bounds Read
    • Severity: Medium
    • Description: This vulnerability could allow unauthorized data access, which can lead to security breaches in operational systems if left unpatched.
    • Patch available here.

The severity overview indicates that these vulnerabilities span medium to critical levels, affecting critical infrastructure and necessitating prioritized mitigation.

Figure 1. Sectors impacted due to these vulnerabilities. (Source: CRIL)


Recommendations and Mitigations

To address these vulnerabilities effectively, organizations should consider the following best practices:

  1. Stay Updated: Regularly monitor security advisories from vendors and regulatory bodies to stay informed of critical patches and vulnerabilities.
  2. Risk-Based Vulnerability Management: Implement a risk-focused approach to manage and patch vulnerabilities based on their potential impact, especially for internet-facing ICS components.
  3. Network Segmentation: Isolate critical assets using effective network segmentation to prevent lateral movement and reconnaissance attempts by potential attackers.
  4. Continuous Vulnerability Assessments: Conduct regular vulnerability assessments, audits, and penetration testing to proactively identify and fix security loopholes.
  5. Utilize Software Bill of Materials (SBOM): Maintain visibility into software components, libraries, and dependencies to detect vulnerabilities promptly.
  6. Incident Response Preparedness: Develop and routinely test a robust incident response plan, ensuring it is aligned with the latest threat landscape.
  7. Cybersecurity Training: Conduct ongoing training programs for employees, particularly those with access to OT systems, covering threat recognition, authentication protocols, and security best practices.

Conclusion

The vulnerabilities highlighted in this ICS intelligence report call for swift action from organizations to mitigate potential security risks. With threats evolving rapidly and exploit attempts on the rise, maintaining a proactive stance is essential. By prioritizing the recommendations and implementing necessary patches, organizations can safeguard critical infrastructure, enhance operational resilience, and minimize the risk of exploitation.
