CISA alerts on critical vulnerabilities in industrial control systems, affecting Delta Electronics, SEW-EURODRIVE, and Unitronics. Administrators are urged to update software, minimize network exposure, and secure remote access.
The Cybersecurity and Infrastructure Security Agency (CISA) recently released advisories on critical vulnerabilities in industrial control systems, urging administrators to implement recommended security measures.
These vulnerabilities affect software from Delta Electronics, SEW-EURODRIVE, and Unitronics, each presenting unique risks to industrial operations.
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process
Delta Electronics disclosed a significant security flaw in its CNCSoft-G2 DOPSoft, marked by the advisory ICSA-24-121-01. This critical stack-based buffer overflow vulnerability, assigned a CVSS v4 score of 8.5, could potentially allow attackers to execute arbitrary code.
This risk affects all versions up to 2.0.0.5 with DOPSoft v5.0.0.93, caused by improper validation of user-supplied data lengths before being copied to a fixed-size buffer.
Users are urged to update to version 2.1.0.4 or later. CISA also advises reducing network exposure and updating VPNs for secure remote access.
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.
SEW-EURODRIVE issued an update for MOVITOOLS MotionStudio software due to a vulnerability allowing improper access to XML data, detailed in advisory ICSA-24-016-01.
With a CVSS v3 score of 5.6, the flaw involves inadequate restriction of XML External Entity (XXE) references, potentially leading to sensitive file exposure.
This issue affects version 6.5.0.2, discovered by Trend Micro’s Zero Day Initiative. Users are recommended to block outgoing TCP connections via "SEWManager.exe" and to update to version 6.70 as soon as possible.
Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
Unitronics released an update for its Vision Legacy series PLCs, particularly critical for water and wastewater infrastructures. Advisory ICSA-24-109-01 outlines a severe risk where passwords are stored in a recoverable format, enabling attackers to access PLC functions remotely.
This vulnerability affects several models, including Vision 230 and Vision 280, with a high severity CVSS v4 score of 8.7. Unitronics advises users to change default passwords and implement multi-factor access controls, particularly restricting Ethernet access to PLCs.
In response to these vulnerabilities, CISA emphasises the importance of minimising network exposure and employing secure remote access methods such as VPNs.
Additionally, they recommend conducting thorough impact analysis and risk assessments to safeguard industrial control systems against potential cyber-attacks.
These advisories reflect the ongoing challenges in cybersecurity for industrial environments and underscore the critical need for continuous vigilance and proactive security measures. CISA continues to offer guidance and resources to help protect these essential systems.
This week’s Cyber Pulse Mid-Week Briefings cover Australia’s new Cyber Security Bill, rising ransomware claims, Zscaler's AI-driven platform growth, and cyber threats from East Asia, including Chinese influence operations, North Korean tech theft, and costly global data breach claims.
Telegram is tightening its policies, sharing user IPs and phone numbers of criminals with authorities. As hybrid warfare blends state-backed hacking with cybercrime, Telegram faces pressure to curb illegal activities exploiting its encryption features.
DDoS attacks are on the rise globally, targeting the Middle East, Israel, Ukraine, and key sectors like software, telecom, and banking.
BlackSuit Ransomware Strikes Again! The notorious hackers behind last year's Dallas attack have rebranded as BlackSuit, now demanding $500 million in ransoms! The FBI and CISA confirm the group's new identity, with aggressive tactics and enhanced methods to pressure victims into paying up.
