Trending

ee-track">
Link copied!

Top ICS Vulnerabilities This Week: Cyble Urges Siemens and Rockwell Automation Fixes

Of 11 vulnerabilities analyzed by Cyble researchers, two stand out as requiring urgent attention by security teams.

September 27, 2024 · 4 min read
Top ICS Vulnerabilities This Week: Cyble Urges Siemens and Rockwell Automation Fixes

Key Takeaways

  • Cyble researchers this week investigated 11 industrial control system (ICS) vulnerabilities, in systems from Siemens, Rockwell Automation, Yokogawa, Kastle Systems, IDEC Corporation and MegaSys Computer Technologies.
  • Two of the vulnerabilities require immediate attention: an uncontrolled resource consumption vulnerability in Siemens SIMATIC S7-200 SMART CPUs, and an insufficient verification of data authenticity vulnerability in Rockwell Automation’s RSLogix 5 and RSLogix 500 software that could allow scripts to execute without user intervention.
  • Cyble researchers also reported on the additional 9 ICS vulnerabilities, and recommended 11 ICS security best practices for organizations to implement and follow.

Overview

Cyble Research and Intelligence Lab (CRIL) researchers investigated 11 vulnerabilities in industrial control systems (ICS) for the week of Sept. 17-23 and urged security teams to prioritize patching two of them, in Siemens SIMATIC S7-200 SMART CPUs and Rockwell Automation’s RSLogix 5 and RSLogix 500 software.

The other 9 vulnerabilities are in systems from Yokogawa, Kastle Systems, IDEC Corporation and MegaSys Computer Technologies.

Siemens and Rockwell Automation Vulnerabilities

Cyble researchers recommend prioritizing two vulnerabilities in particular:

CVE-2024-43647, which affects multiple Siemens SIMATIC S7-200 SMART CPUs, including various CR, SR, and ST models. This vulnerability stems from improper handling of TCP packets with incorrect structures, which can lead to a denial-ofservice (DoS) condition. An unauthenticated attacker can remotely exploit this flaw with minimal complexity, potentially causing the target system to become unavailable. The vulnerability does not compromise confidentiality or integrity but significantly impacts availability, as it can entirely disrupt access to affected devices until manual intervention is applied to restore operations.

CVE-2024-7847 is a high-severity vulnerability found in Rockwell Automation’s RSLogix 5 and RSLogix 500 software, which are widely used in industrial control systems (ICS). This flaw allows remote code execution (RCE) through malicious VBA-embedded scripts within project files. Once an unsuspecting user opens a manipulated project file, the embedded script can execute without user intervention, potentially giving attackers unauthorized access to critical systems.

Other ICS Vulnerabilities

The other vulnerabilities investigated by CRIL researchers include:

CVE-2024-45682, a command injection vulnerability in Millbeck Communications Proroute H685t-w: Version 3.2.334

CVE-2024-38380, a cross-site scripting (XSS) vulnerability in Millbeck Communications Proroute H685t-w: Version 3.2.334

CVE-2024-8110, an unchecked return value flaw in Yokogaw’s Dual-redundant Platform for Computer (PC2CKM): Versions R1.01.00 to R2.03.00

CVE-2024-41927, a cleartext transmission of sensitive information vulnerability in certain IDEC Corporation FC6A and FC6B Series MICROSmart CPU modules and FT1A Series SmartAXIS Pro/Lite versions

CVE-2024-28957, a generation of predictable identifiers flaw in certain IDEC Corporation FC6A and FC6B Series MICROSmart CPU modules and FT1A Series SmartAXIS Pro/Lite versions

CVE-2024-41716, a cleartext transmission of sensitive information vulnerability in IDEC Corporation WindLDR: Ver.9.1.0 and prior, and WindO/I-NV4: Ver.3.0.1 and prior

CVE-2024-6404, an improper input validation vulnerability in MegaSys Computer Technologies Telenium Online Web Application: versions 8.3 and prior

CVE-2024-45861, a use of hardcoded credentials flaw in Kastle Systems Access Control System: firmware before May 1, 2024

CVE-2024-45862, a cleartext transmission of sensitive information vulnerability in Kastle Systems Access Control System: firmware before May 1, 2024

Cyble Recommendations

Cyble researchers also recommended 11 ICS security best practices for security teams to follow:

  1. Keep track of security and patch advisories and alerts issued by vendors and state authorities.
  2. Follow a risk-based vulnerability management approach to reduce the risk of exploitation of assets and implement a Zero-Trust Policy.
  3. Threat Intelligence Analysts should support the organizational patch management process by continuously monitoring critical vulnerabilities published in the KEV Catalog of CISA, actively exploited in the wild, or identified in mass exploitation attempts on the internet.
  4. Develop a comprehensive patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification. Automate the process where possible to ensure consistency and efficiency.
  5. Implement proper network segmentation to prevent attackers from performing discovery and lateral movement and to minimize exposure of critical assets.
  6. Conduct regular audits, vulnerability assessments, and pentesting exercises to find security loopholes that attackers may exploit.
  7. Continuous monitoring and logging can help in detecting network anomalies early.
  8. Utilize Software Bill of Materials (SBOM) to gain more visibility into individual components, libraries, and their associated vulnerabilities.
  9. Install physical controls to prevent unauthorized personnel from accessing your devices, components, peripheral equipment, and networks.
  10. Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. Regularly test and update the plan to ensure its effectiveness and alignment with current threats.
  11. Conduct ongoing cybersecurity training programs for all employees, particularly those with access to OT systems. This includes educating staff on recognizing phishing attempts, proper use of authentication mechanisms, and the importance of following security protocols to prevent accidental security breaches.

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams