Critical Auth Bugs Expose Smart Factory Gear to Cyberattack

Published: 23/11/2024   Category: security



Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.



Critical security vulnerabilities affecting factory automation software from Mitsubishi Electric and Rockwell Automation could variously allow remote code execution (RCE), authentication bypass, product tampering, or denial-of-service (DoS).
That's according to the US Cybersecurity and Infrastructure Security Agency (CISA), which warned yesterday that an attacker could exploit the Mitsubishi Electric bug (CVE-2023-6943, CVSS score of 9.8) by calling a function with a path to a malicious library while connected to the device — resulting in authentication bypass, RCE, DoS, or data manipulation.
The Rockwell Automation bug (CVE-2024-10386, CVSS 9.8), meanwhile, stems from a missing authentication check; a cyberattacker with network access could exploit it by sending crafted messages to a device, potentially resulting in database manipulation.
The critical vulnerabilities are two out of several issues affecting Mitsubishi's and Rockwell Automation's smart-factory portfolios, all listed in CISA's Halloween disclosure. Both industrial control systems (ICS) suppliers have issued mitigations for manufacturers to follow in order to avoid future compromise.
The noncritical bugs include:
An out-of-bounds read that could result in DoS (CVE-2024-10387, CVSS 7.5) also affects the Rockwell Automation FactoryTalk ThinManager.
A remote unauthenticated attacker may be able to bypass authentication in Mitsubishi Electric FA Engineering Software Products by sending specially crafted packets (CVE-2023-6942, CVSS 7.5). And the Mitsubishi Electric portfolio is also vulnerable to several lower-severity bugs, CISA noted.
An authentication bypass vulnerability in the Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (CVE-2023-2060, CVSS 8.7) exists in its FTP function on EtherNet/IP modules. Weak password requirements could allow a remote, unauthenticated attacker to access the module via FTP by dictionary attack or password sniffing. Meanwhile, several other lower-severity issues also affect the platform, CISA noted.
Manufacturers should apply patches and mitigations as soon as possible, given that smart factories are among the most-targeted ICS sectors. The news also comes as nation-state attacks on US critical infrastructure have ramped up, with CISA warning that both Russian and Chinese advanced persistent threats (APTs) show no signs of letting up their assaults on utilities, telecoms, and other high-value targets. Canada also recently warned of sustained cyber assaults from China on its critical infrastructure footprint.
