CISA Releases Two Industrial Control Systems (ICS) Advisories

CISA issued two ICS advisories on April 4, 2024, highlighting vulnerabilities in Hitachi Energy's Asset Suite 9 (CVE-2024-2244) and Schweitzer's SEL 700 series relays (CVE-2024-2103). Users should review and apply recommended security measures.

CISA released two vital ICS advisories on April 4, 2024. ICSA-24-095-01 discusses authentication vulnerabilities in Hitachi Energy's Asset Suite 9, while ICSA-24-095-02 addresses issues with undocumented features in Schweitzer Engineering Laboratories' SEL 700 series relays.

Users are urged to review these advisories for mitigation recommendations to bolster ICS security.

CVE-2024-2244 (REST Auth Anomaly): REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.

CVE-2024-2103: Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on several Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. These vulnerabilities impact Hitachi Energy Asset Suite 9 and Schweitzer Engineering Laboratories SEL.

Hitachi Energy Asset Suite 9

Hitachi Energy's Asset Suite, versions prior to 9.6.3.13 and 9.6.4.1, is susceptible to an improper authentication vulnerability (CVE-2024-2244).

With a CVSS v4 score of 6.9, the flaw allows remote attackers to exploit an anomaly in the REST service authentication, potentially invoking the service without proper credentials.

The risk evaluation emphasises the possibility of unauthorised access, posing a threat to enterprise asset management systems.

Risk Evaluation

Successful exploitation of the vulnerability could enable attackers to utilise an authentication anomaly to invoke the REST service without appropriate credentials, potentially compromising the system's integrity.

Technical Details

The vulnerability (CWE-287) lies in the REST service authentication mechanism, allowing service invocation with a "valid username/no password" combination, specifically for batch job processing.

Versions of Hitachi Energy's Asset Suite prior to 9.6.3.13 and 9.6.4.1 are affected. Both CVSS v3.1 and v4 scores have been calculated, indicating the severity of the issue.

Mitigations

Hitachi Energy advises users to update to version 9.6.3.13 or 9.6.4.1 to mitigate the vulnerability. Additionally, CISA recommends defensive measures such as minimising network exposure, using secure remote access methods like VPNs, and following cybersecurity best practices outlined on cisa.gov/ics. No known public exploitation targeting this vulnerability has been reported as of now.
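
To turn the version guidance above into an inventory check, the following added example (not code from CISA, Hitachi Energy or the original article) flags Asset Suite installations that predate the fixed releases 9.6.3.13 and 9.6.4.1. It assumes each release line is compared with its own fixed version and that lines older than 9.6.3 are affected; the hostnames and the sample inventory are constructed.

```python
# Added example: triage an inventory of Asset Suite versions against the
# fixed releases named in the article (9.6.3.13 and 9.6.4.1).
FIXED_BY_BRANCH = {(9, 6, 3): (9, 6, 3, 13), (9, 6, 4): (9, 6, 4, 1)}
OLDEST_FIXED_BRANCH = min(FIXED_BY_BRANCH)


def parse_version(text):
    """Turn '9.6.3.12' into (9, 6, 3, 12); short versions are zero-padded."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def is_affected(version_text):
    """True when the version predates the fix for its release line."""
    version = parse_version(version_text)
    branch = version[:3]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]
    # Assumption: lines older than 9.6.3 never received a fix; newer lines
    # (after 9.6.4) already contain it.
    return branch < OLDEST_FIXED_BRANCH


def triage(inventory):
    """Map host -> 'affected' | 'fixed' | 'unknown' for an inventory dict."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "affected" if is_affected(version_text) else "fixed"
        except ValueError:
            result[host] = "unknown"  # needs manual review, do not assume safe
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "eam-prod-01": "9.6.3.12",
    "eam-prod-02": "9.6.3.13",
    "eam-test-01": "9.6.4",
    "eam-test-02": "9.6.4.1",
    "eam-legacy": "9.5.0.2",
    "eam-dr-01": "unknown-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:14} {status}")
```

Entries reported as "unknown" carry a version string the script could not parse and should be checked by hand rather than treated as fixed.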

Schweitzer Engineering Laboratories SEL

Schweitzer Engineering Laboratories' SEL 700 series relays, in versions before certain updates, are vulnerable to an inclusion-of-undocumented-features flaw (CVE-2024-2103).

With a CVSS v4 score of 5.9, the vulnerability poses a threat as it could allow attackers with privileged access to make unauthorised modifications or trigger a denial-of-service situation remotely with low attack complexity.

Risk Evaluation

The exploitation of this vulnerability could enable attackers to manipulate the behaviour of the relays unpredictably or cause a denial-of-service condition, potentially disrupting critical energy infrastructure.

Technical Details

The vulnerability, categorised as CWE-1242, arises due to the inclusion of undocumented features accessible to users with privileged access. Various SEL 700 series relays are affected, and CVE-2024-2103 has been assigned to this flaw.

Both CVSS v3.1 and v4 scores have been calculated, indicating the severity of the issue.

Mitigations

Schweitzer Engineering Laboratories advises users to update affected relays to the latest versions listed.

Additionally, CISA recommends defensive measures such as minimising network exposure, employing firewalls to isolate control system networks, and using secure remote access methods like VPNs.

Organisations are encouraged to implement recommended cybersecurity strategies and follow proper impact analysis and risk assessment protocols.
