CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure

Published: 23/11/2024   Category: security



The advisory comes the same week as a warning from the EU's ENISA about the potential for ransomware attacks on OT systems in the transportation sector.



The US Cybersecurity and Infrastructure Security Agency (CISA) this week issued advisories for a total of 49 vulnerabilities in eight industrial control systems (ICS) used by organizations in multiple critical infrastructure sectors — some unpatched.
The need for organizations in critical infrastructure sectors to consider cybersecurity is growing. ICS and operational technology (OT) environments are no longer air-gapped and segmented as they once were, and are increasingly accessible over the Internet. The result is that ICS and OT networks have become increasingly popular targets for both nation-state actors and financially motivated threat groups.
That's unfortunate given that many of the vulnerabilities in CISA's advisory are remotely exploitable, involve low attack complexity, and allow attackers to take control of affected systems, manipulate and modify settings, escalate privileges, bypass security controls, steal data, and crash systems. The high-severity vulnerabilities are present in products from Siemens, Rockwell Automation, Hitachi, Delta Electronics, Keysight, and VISAM.
The CISA advisory coincided with a report from the European Union on threats to the transportation sector that also warned about the potential for ransomware attacks on OT systems used by aviation, maritime, railway, and road transport agencies. At least some of the vulnerable systems in CISA's advisory pertain to organizations in the transportation sector as well.
Seven of the 49 vulnerabilities in CISA's advisory are in Siemens RUGGEDCOM APE1808 technology and currently have no fix. The vulnerabilities allow an attacker to elevate privileges on a compromised system, or to crash it. Organizations in multiple critical infrastructure sectors around the globe currently use the product to host commercial applications.
Seventeen other flaws are present in various third-party components that are integrated into Siemens Scalance W-700 devices. Organizations in multiple critical infrastructure sectors use the product, including those in the chemical, energy, food and agriculture, and manufacturing sectors. Siemens has urged organizations using the product to update its software to v2.0 or later and to implement controls for protecting network access to the devices.
Thirteen of the newly disclosed vulnerabilities affect Delta Electronics InfraSuite Device Master, a technology that organizations in the energy sector use to monitor the health of critical systems. Attackers can exploit the vulnerabilities to trigger denial-of-service conditions or to steal sensitive data that could be of use in a future attack.
Other vendors in CISA's advisory with multiple vulnerabilities in their products are VISAM, whose Vbase Automation technology accounted for seven flaws, and Rockwell Automation, with three flaws in its ThinManager product used in the critical manufacturing sector. Keysight had one vulnerability in its Keysight N6845A Geolocation Server for communications and government organizations, and Hitachi updated information on a previously known vulnerability in its Energy GMS600, PWC600, and Relion products.
This is the second time in recent weeks that CISA has warned organizations in critical infrastructure sectors about serious vulnerabilities in systems they use in industrial and operational technology environments. In January, the agency issued a similar alert on vulnerabilities in products from 12 ICS vendors, including Siemens, Hitachi, Johnson Controls, Panasonic, and Sewio. As with the current set of flaws, many of the vulnerabilities in the previous advisory also allowed threat actors to take over systems, escalate privileges, and create other havoc in ICS and OT settings.
Meanwhile, a report this week from the European Union Agency for Cybersecurity (ENISA) on cyberthreats to the transportation sector warned of potential ransomware attacks against OT systems, based on an analysis of 98 publicly reported incidents in the EU transportation sector between January 2021 and October 2022.
The analysis showed that financially motivated cybercriminals were responsible for some 47% of the attacks. A plurality of these attacks (38%) was ransomware related. Other common motivations included operational disruptions, espionage, and ideological attacks by hacktivist groups.
Though OT systems were sometimes collaterally damaged in these attacks, ENISA's researchers found no evidence of directed attacks on them in the 98 incidents it analyzed. The only cases where OT systems and networks were affected were either when entire networks were affected or when safety-critical IT systems were unavailable, the ENISA report said. However, the agency expects that to change. Ransomware groups will likely target and disrupt OT operations in the foreseeable future.
The European cybersecurity agency's report pointed to an earlier ENISA analysis that warned of ransomware actors and other new threat groups tracked as Kostovite, Petrovite, and Erythrite targeting ICS and OT systems and networks. The report also highlighted the continued evolution of ICS-specific malware such as Industroyer, BlackEnergy, CrashOverride, and InController as signs of growing attacker interest in ICS environments.
In general, adversaries are willing to dedicate time and resources in compromising their targets to harvest information on the OT networks for future purposes, the ENISA report said. Currently, most adversaries in this space prioritize pre-positioning and information gathering over disruption as strategic objectives.
