Cyber Pulse
CISA Releases Three Industrial Control Systems Advisories
CISA alerts on critical vulnerabilities in industrial control systems, affecting Delta Electronics, SEW-EURODRIVE, and Unitronics. Administrators are urged to update software, minimize network exposure, and secure remote access.
The Cybersecurity and Infrastructure Security Agency (CISA) recently released advisories on critical vulnerabilities in industrial control systems, urging administrators to implement recommended security measures.
These vulnerabilities affect software from Delta Electronics, SEW-EURODRIVE, and Unitronics, each presenting unique risks to industrial operations.
CVE-2024-4192
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process
Delta Electronics disclosed a significant security flaw in its CNCSoft-G2 DOPSoft, marked by the advisory ICSA-24-121-01. This critical stack-based buffer overflow vulnerability, assigned a CVSS v4 score of 8.5, could potentially allow attackers to execute arbitrary code.
This risk affects all versions up to 2.0.0.5 with DOPSoft v5.0.0.93, caused by improper validation of user-supplied data lengths before being copied to a fixed-size buffer.
Users are urged to update to version 2.1.0.4 or later. CISA also advises reducing network exposure and updating VPNs for secure remote access.
CVE-2024-1167
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.
SEW-EURODRIVE issued an update for MOVITOOLS MotionStudio software due to a vulnerability allowing improper access to XML data, detailed in advisory ICSA-24-016-01.
With a CVSS v3 score of 5.6, the flaw involves inadequate restriction of XML External Entity (XXE) references, potentially leading to sensitive file exposure.
This issue affects version 6.5.0.2, discovered by Trend Micro’s Zero Day Initiative. Users are recommended to block outgoing TCP connections via "SEWManager.exe" and to update to version 6.70 as soon as possible.
CVE-2024-1480
Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
Unitronics released an update for its Vision Legacy series PLCs, particularly critical for water and wastewater infrastructures. Advisory ICSA-24-109-01 outlines a severe risk where passwords are stored in a recoverable format, enabling attackers to access PLC functions remotely.
This vulnerability affects several models, including Vision 230 and Vision 280, with a high severity CVSS v4 score of 8.7. Unitronics advises users to change default passwords and implement multi-factor access controls, particularly restricting Ethernet access to PLCs.
In response to these vulnerabilities, CISA emphasises the importance of minimising network exposure and employing secure remote access methods such as VPNs.
Additionally, they recommend conducting thorough impact analysis and risk assessments to safeguard industrial control systems against potential cyber-attacks.
These advisories reflect the ongoing challenges in cybersecurity for industrial environments and underscore the critical need for continuous vigilance and proactive security measures. CISA continues to offer guidance and resources to help protect these essential systems.