CISA issued two ICS advisories on April 4, 2024, highlighting vulnerabilities in Hitachi Energy's Asset Suite 9 (CVE-2024-2244) and Schweitzer's SEL 700 series relays (CVE-2024-2103). Users should review and apply recommended security measures.
CISA released two vital ICS advisories on April 4, 2024. ICSA-24-095-01 discusses authentication vulnerabilities in Hitachi Energy's Asset Suite 9, while ICSA-24-095-02 addresses issues with undocumented features in Schweitzer Engineering Laboratories' SEL 700 series relays.
Users are urged to review these advisories for mitigation recommendations to bolster ICS security.
CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations. These vulnerabilities impact Hitachi Energy Suite 9 and Schweitzer Engineering Laboratories SEL
Hitachi Energy's Asset Suite, versions prior to 9.6.3.13 and 9.6.4.1, is susceptible to an improper authentication vulnerability (CVE-2024-2244).
With a CVSS v4 score of 6.9, the flaw allows remote attackers to exploit an anomaly in the REST service authentication, potentially invoking the service without proper credentials.
The risk evaluation emphasises the possibility of unauthorised access, posing a threat to enterprise asset management systems.
Successful exploitation of the vulnerability could enable attackers to utilise an authentication anomaly to invoke the REST service without appropriate credentials, potentially compromising the system's integrity.
The vulnerability (CWE-287) lies in the REST service authentication mechanism, allowing service invocation with a "valid username/no password" combination, specifically for batch job processing.
Versions of Hitachi Energy's Asset Suite prior to 9.6.3.13 and 9.6.4.1 are affected. Both CVSS v3.1 and v4 scores have been calculated, indicating the severity of the issue.
Hitachi Energy advises users to update to version 9.6.3.13 or 9.6.4.1 to mitigate the vulnerability. Additionally, CISA recommends defensive measures such as minimising network exposure, using secure remote access methods like VPNs, and following cybersecurity best practices outlined on cisa.gov/ics. No known public exploitation targeting this vulnerability has been reported as of now.
Schweitzer Engineering Laboratories' SEL 700 series relays, specifically versions before certain updates, are found vulnerable to an inclusion of undocumented features flaw (CVE-2024-2103).
With a CVSS v4 score of 5.9, the vulnerability poses a threat as it could allow attackers with privileged access to make unauthorised modifications or trigger a denial-of-service situation remotely with low attack complexity.
The exploitation of this vulnerability could enable attackers to manipulate the behaviour of the relays unpredictably or cause a denial-of-service condition, potentially disrupting critical energy infrastructure.
The vulnerability, categorised as CWE-1242, arises due to the inclusion of undocumented features accessible to users with privileged access. Various SEL 700 series relays are affected, and CVE-2024-2103 has been assigned to this flaw.
Both CVSS v3.1 and v4 scores have been calculated, indicating the severity of the issue.
Schweitzer Engineering Laboratories advises users to update affected relays to the latest versions listed.
Additionally, CISA recommends defensive measures such as minimising network exposure, employing firewalls to isolate control system networks, and using secure remote access methods like VPNs.
Organisations are encouraged to implement recommended cybersecurity strategies and follow proper impact analysis and risk assessment protocols.
This week’s Cyber Pulse Mid-Week Briefings cover Australia’s new Cyber Security Bill, rising ransomware claims, Zscaler's AI-driven platform growth, and cyber threats from East Asia, including Chinese influence operations, North Korean tech theft, and costly global data breach claims.
Telegram is tightening its policies, sharing user IPs and phone numbers of criminals with authorities. As hybrid warfare blends state-backed hacking with cybercrime, Telegram faces pressure to curb illegal activities exploiting its encryption features.
DDoS attacks are on the rise globally, targeting the Middle East, Israel, Ukraine, and key sectors like software, telecom, and banking.
CrowdStrike's disastrous July 19 software update crippled Jetstar and exposed vulnerabilities, causing a global IT outage. Competitors like SentinelOne exploited the chaos, shaking customer trust and eroding CrowdStrike's market value by 25%.
