This week’s Cyble ICS vulnerability report includes critical vulnerabilities like CVE-2024-10575 in Schneider Electric’s EcoStruxure IT Gateway, CVE-2024-47407 in mySCADA myPRO Manager/Runtime, and CVE-2024-8525 in Automated Logic that need urgent patching.
Overview
Cyble Research and Intelligence Labs (CRIL) analyzed the latest ICS vulnerabilities disclosed by the Cybersecurity and Infrastructure Security Agency (CISA) between November 19–25, 2024. These vulnerabilities highlight pressing security concerns across critical sectors, including manufacturing, energy, and communications.
Key insights include:
- CISA issued seven security advisories addressing 15 vulnerabilities in ICS products from Schneider Electric, Automated Logic, CODESYS GmbH, and mySCADA.
- A critical “Missing Authorization” flaw (CVE-2024-10575) affecting Schneider Electric’s EcoStruxure IT Gateway could allow attackers unauthorized access to critical systems.
- mySCADA and Automated Logic WebCTRL exposures show the growing attack surface, stressing the importance of proactive security measures.
Below, we delve into the most significant vulnerabilities and their implications for security teams.
The Week’s Top ICS Vulnerabilities
Key vulnerabilities identified in this report include:
CVE-2024-10575 (Schneider Electric):
- Product: EcoStruxure IT Gateway
- Severity: Critical
- Issue: Missing Authorization
- Impact: Unauthorized access to critical systems, risking data breaches and operational disruptions.
- Patch Link
CVE-2024-47407 (mySCADA):
- Product: myPRO Manager/Runtime
- Severity: Critical
- Issue: OS Command Injection
- Impact: Remote execution of arbitrary commands compromising SCADA and HMI systems.
- Patch Link
CVE-2024-8525 (Automated Logic):
- Product: WebCTRL Server (v7.0)
- Severity: Critical
- Issue: Unrestricted File Upload
- Impact: Uploading malicious files to building automation systems.
- Patch Link
CVE-2024-8933 (Schneider Electric):
- Product: Modicon M340, MC80, Momentum
- Severity: High
- Issue: Message Integrity Bypass
- Impact: Potential manipulation of system communications.
- Patch Link
CVE-2024-50054 (mySCADA):
- Product: myPRO Manager/Runtime
- Severity: High
- Issue: Path Traversal
- Impact: Unauthorized file access and data compromise.
- Patch Link
For the complete list of vulnerabilities and their respective mitigations subscribe to Cyble’s AI-powered threat intelligence product suite!
Vendor Spotlight
Schneider Electric reported 50% of vulnerabilities, spanning industrial automation and energy management systems.
mySCADA followed with 33%, reflecting issues in SCADA and HMI platforms.
Automated Logic and CODESYS GmbH accounted for 17%, impacting building automation and PLC software.
Impacted Critical Infrastructure Sectors
Critical Manufacturing dominated the impacted sectors with seven vulnerabilities (50%).
The interconnected sectors of manufacturing, energy, and communications accounted for six vulnerabilities (43%), showcasing the criticality of cross-sector dependencies.
Impacted critical Infrastructure Sectors
Recommendations
To address these vulnerabilities and reduce exploitation risks, CRIL recommends:
- Monitor Alerts: Regularly review security advisories from vendors and government agencies like CISA.
- Implement Zero-Trust: Restrict access to critical systems using risk-based management approaches.
- Network Segmentation: Isolate sensitive ICS components to prevent lateral movement during attacks.
- Patch Management: Develop a strategy for inventory, assessment, testing, and deployment of patches.
- Regular Assessments: Conduct vulnerability assessments, penetration tests, and audits to identify weaknesses.
- Secure Access: Restrict access to ICS devices, ensuring strong authentication measures are in place.
- Incident Response Plans: Establish and test procedures for detecting and responding to cyber incidents.
- Employee Training: Train employees to recognize phishing attempts and adhere to security protocols.
Conclusion
This week’s ICS vulnerability report shows the persistent threats to critical infrastructure. The vulnerabilities in Schneider Electric, mySCADA, and Automated Logic products demonstrate the importance of prioritizing cybersecurity measures to safeguard essential systems.
Organizations must act swiftly to patch critical flaws, enhance monitoring, and strengthen overall cybersecurity posture. Proactive measures are crucial in mitigating risks and maintaining the integrity of critical operations.
