
ICS Vulnerability Intelligence Report: Key Insights and Recommendations

Cyble Research investigates critical ICS vulnerabilities this week, highlighting insights from CISA.

November 4, 2024 · 3 min read

Overview

Cyble Research & Intelligence Labs (CRIL) has reviewed the ICS vulnerabilities disclosed this week, drawing on advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA) that cover multiple flaws in several ICS products.

During this reporting period, CISA issued four security advisories covering vulnerabilities in Industrial Control Systems products from ICONICS and Mitsubishi Electric (ICONICS is a Mitsubishi Electric company, so those two vendors share a single advisory), VIMESA, iniNet Solutions, and Deep Sea Electronics. These advisories identify ICS vulnerabilities that security teams should prioritize for immediate patching to mitigate potential risks.

This week's assessment highlights a high-severity path traversal vulnerability in the SpiderControl HMI Editor from iniNet Solutions. The Deep Sea Electronics DSE855 is affected by a configuration-disclosure issue: an HTTP GET request for the Backup.bin file returns the device's stored configuration, including credentials, without authentication.
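The DSE855 issue above is easy to watch for on the wire, because the export is a plain HTTP GET for a fixed file name. The following Python script is an added example written for this article (it is not code from the Cyble report or the CISA advisory): it runs a detection over a Zeek-style http.log and grades each Backup.bin retrieval by whether it succeeded and whether the client sits in an engineering subnet. The log records, the /Backup.bin request path, the reduced column set and the 10.20.1.0/24 allowlist are all constructed assumptions for the example.

```python
"""Flag retrievals of a DSE855-style Backup.bin configuration export.

Input is a Zeek-style http.log (tab-separated, '#fields' header). The log
below is constructed for this example and uses a reduced column set; the
/Backup.bin request path and the engineering-network allowlist are
assumptions, not values taken from the advisory.
"""
from ipaddress import ip_address, ip_network
from posixpath import basename
from urllib.parse import urlsplit

SAMPLE_HTTP_LOG = (
    "#fields\tts\tid.orig_h\tid.resp_h\tmethod\turi\tstatus_code\tresp_body_len\n"
    "1730419200.10\t10.20.1.15\t10.20.5.40\tGET\t/index.html\t200\t4132\n"
    "1730419260.41\t10.20.1.15\t10.20.5.40\tGET\t/Backup.bin\t200\t65536\n"
    "1730419300.77\t198.51.100.23\t10.20.5.40\tGET\t/Backup.bin\t200\t65536\n"
    "1730419310.02\t198.51.100.23\t10.20.5.40\tGET\t/backup.bin?x=1\t404\t0\n"
)

# Assumed allowlist: the engineering-workstation subnet that legitimately
# pulls configuration backups from the gateway.
ENGINEERING_NETS = [ip_network("10.20.1.0/24")]


def parse_zeek_tsv(text):
    """Yield one dict per record, keyed by the names in the #fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split("\t")))


def is_backup_export(rec):
    """True for a GET whose path component names Backup.bin (any case)."""
    path = urlsplit(rec["uri"]).path
    return rec["method"].upper() == "GET" and basename(path).lower() == "backup.bin"


def classify(rec):
    """Return a severity for a Backup.bin request.

    high   - export succeeded (200) from outside the engineering allowlist
    medium - export succeeded from an allowlisted host (still worth review:
             the file carries device credentials)
    low    - request did not succeed; treat as a probe
    """
    src = ip_address(rec["id.orig_h"])
    trusted = any(src in net for net in ENGINEERING_NETS)
    if rec["status_code"] != "200":
        return "low"
    return "medium" if trusted else "high"


def detect_backup_exports(log_text):
    """Run the detection over a log and return alert dicts in log order."""
    alerts = []
    for rec in parse_zeek_tsv(log_text):
        if not is_backup_export(rec):
            continue
        alerts.append({
            "ts": rec["ts"],
            "src": rec["id.orig_h"],
            "dst": rec["id.resp_h"],
            "status": rec["status_code"],
            "bytes": int(rec["resp_body_len"]),
            "severity": classify(rec),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_backup_exports(SAMPLE_HTTP_LOG):
        print(alert)
```

Even a successful export from an allowlisted workstation is reported, because the file leaving the device means the stored credentials should be considered exposed to whoever holds that file; the allowlist only lowers the severity, it does not suppress the event.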

ICS Vulnerabilities Overview

The Cyble Research & Intelligence Labs (CRIL) analysis details several vulnerabilities, providing the information organizations need to prioritize their mitigation efforts. The following vulnerabilities should be patched immediately wherever the affected products are deployed:

  • CVE-2024-7587: Affects the ICONICS Suite, including GENESIS64 and Hyper Historian. It is classified as incorrect default permissions and rated high severity, with impact on control systems such as DCS, SCADA, and BMS. A patch is available.
  • CVE-2024-9692: Affects the Blue Plus Transmitter from VIMESA. It is an improper access control issue rated medium severity, affecting communication units and transmitters. The vendor has published a fix.
  • CVE-2024-10313: A path traversal vulnerability in the SpiderControl HMI Editor from iniNet Solutions, rated high severity and affecting human-machine interface systems. A patch is available.
  • CVE-2024-5947: Affects the DSE855 from Deep Sea Electronics. This medium-severity vulnerability is a missing-authentication issue affecting communication units and transmitters. A patch is available from the vendor.

None of the disclosed vulnerabilities is rated critical; all fall into the medium and high severity categories. They still need prompt attention, since a medium-rated missing-authentication flaw on an exposed gateway can yield credentials for the rest of the OT network.

Recommendations and Mitigations

To address the identified vulnerabilities and strengthen defenses, organizations should consider the following best practices:

  1. Stay informed about security and patch advisories from vendors and regulatory bodies so that updates can be applied promptly.
  2. Implement a risk-based vulnerability management strategy that ranks findings by exploitation evidence and exposure, not by CVSS score alone, to minimize the window for exploitation.
  3. Threat intelligence analysts should monitor CISA's Known Exploited Vulnerabilities (KEV) catalog continuously; every entry in it has confirmed in-the-wild exploitation, so any KEV entry that matches a deployed ICS product should move to the top of the remediation queue.
  4. Effective network segmentation prevents attackers from conducting reconnaissance and lateral movement, reducing the exposure of critical assets.
  5. Frequent vulnerability assessments and penetration testing are essential for identifying and rectifying security weaknesses.
  6. Implement physical barriers to prevent unauthorized access to devices and networks.
  7. Maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents, and test and update it regularly so it stays relevant to current threats.
  8. Provide ongoing cybersecurity training for all employees, particularly those with access to OT systems, covering recognition of phishing attempts, proper authentication practices, and adherence to security procedures.
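Items 2 and 3 above describe a prioritization rule rather than a tool, so here is one concrete way to apply it. The Python script below is an added example for this article, not code from Cyble or CISA: it loads a KEV catalog in the field layout CISA's JSON feed uses, checks an asset inventory against it, and assigns each finding a remediation tier and SLA. The KEV snapshot is a constructed, abridged stand-in for the live feed; the inventory, host names, zone and exposure flags, and SLA days are assumptions. None of the four CVEs from this report is claimed to be in KEV; the Log4j entry is there only to show how a KEV hit reorders the queue.

```python
"""Risk-based prioritization of ICS findings using CISA's KEV catalog.

The KEV snapshot below is constructed and abridged to the field layout of
CISA's real JSON feed; the asset inventory, zones, exposure flags and SLA
days are assumptions for this example. None of the four CVEs from this
report is claimed to be in KEV; the Log4j entry is included only to show
how a KEV hit changes the ordering.
"""
import json

KEV_SNAPSHOT = json.dumps({
    "catalogVersion": "example-snapshot",
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-44228",
            "vendorProject": "Apache",
            "product": "Log4j2",
            "dateAdded": "2021-12-10",
            "knownRansomwareCampaignUse": "Known",
        },
    ],
})

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed inventory: the four findings from this report plus a
# hypothetical Log4j finding on the historian host. Exposure is assumed.
FINDINGS = [
    {"asset": "hist-01", "cve": "CVE-2024-7587", "product": "ICONICS GENESIS64",
     "severity": "high", "zone": "ot", "internet_exposed": False},
    {"asset": "rf-tx-03", "cve": "CVE-2024-9692", "product": "VIMESA Blue Plus",
     "severity": "medium", "zone": "ot", "internet_exposed": False},
    {"asset": "eng-ws-02", "cve": "CVE-2024-10313", "product": "SpiderControl HMI Editor",
     "severity": "high", "zone": "ot", "internet_exposed": False},
    {"asset": "gw-dse-01", "cve": "CVE-2024-5947", "product": "DSE855",
     "severity": "medium", "zone": "ot", "internet_exposed": True},
    {"asset": "hist-01", "cve": "CVE-2021-44228", "product": "Log4j2 (hypothetical)",
     "severity": "critical", "zone": "ot", "internet_exposed": False},
]

# Assumed remediation SLA per tier, in days.
SLA_DAYS = {1: 3, 2: 14, 3: 30, 4: 90}


def load_kev(text):
    """Index a KEV JSON document by CVE ID."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def assign_tier(finding, kev):
    """Tier 1: in KEV. Tier 2: reachable from the internet.
    Tier 3: high/critical inside the OT zone. Tier 4: everything else."""
    if finding["cve"] in kev:
        ransomware = kev[finding["cve"]]["knownRansomwareCampaignUse"]
        return 1, "in CISA KEV (ransomware use: %s)" % ransomware
    if finding["internet_exposed"]:
        return 2, "internet-exposed"
    if finding["zone"] == "ot" and SEVERITY_RANK[finding["severity"]] >= 3:
        return 3, "high severity in OT zone"
    return 4, "next scheduled maintenance window"


def prioritize(findings, kev):
    """Return findings annotated with tier, SLA and reason, most urgent first."""
    out = []
    for f in findings:
        tier, why = assign_tier(f, kev)
        out.append({**f, "tier": tier, "sla_days": SLA_DAYS[tier], "reason": why})
    # Within a tier, higher severity first; CVE ID as a stable tiebreaker.
    out.sort(key=lambda f: (f["tier"], -SEVERITY_RANK[f["severity"]], f["cve"]))
    return out


if __name__ == "__main__":
    for f in prioritize(FINDINGS, load_kev(KEV_SNAPSHOT)):
        print(f"T{f['tier']} {f['sla_days']:>3}d {f['cve']:<15} {f['asset']:<10} {f['reason']}")
```

The point of the ordering is that the medium-rated DSE855 finding outranks the two high-rated ones because the gateway is reachable from the internet, while a KEV entry outranks everything regardless of score. In production the snapshot would be replaced by the downloaded KEV JSON, and the `dateAdded` field can be used to alert on entries added since the last run.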

Conclusion

The vulnerabilities identified in this ICS vulnerability intelligence report call for urgent prioritization and appropriate remediation by affected organizations. With threats continuously evolving and exploits for ICS flaws discussed in underground forums, staying vigilant and proactive is essential.

Implementing the recommendations outlined above will help organizations protect their critical infrastructure and maintain system integrity, ultimately reducing the risk of potential exploitation of ICS vulnerabilities.

Sources: https://www.cisa.gov/news-events/alerts/2024/10/31/cisa-releases-four-industrial-control-systems-advisories
