CISA released two vital ICS advisories on April 4, 2024. ICSA-24-095-01 discusses authentication vulnerabilities in Hitachi Energy's Asset Suite 9, while ICSA-24-095-02 addresses issues with undocumented features in Schweitzer Engineering Laboratories' SEL 700 series relays.
Users are urged to review these advisories for mitigation recommendations to bolster ICS security.
Hitachi Energy Asset Suite 9
Hitachi Energy's Asset Suite, versions prior to 9.6.3.13 and 9.6.4.1, is susceptible to an improper authentication vulnerability (CVE-2024-2244).
With a CVSS v4 score of 6.9, the flaw allows remote attackers to exploit an anomaly in the REST service authentication, potentially invoking the service without proper credentials.
The risk evaluation emphasises the possibility of unauthorised access, posing a threat to enterprise asset management systems.
Risk Evaluation
Successful exploitation of the vulnerability could enable attackers to utilise an authentication anomaly to invoke the REST service without appropriate credentials, potentially compromising the system's integrity.
Technical Details
The vulnerability (CWE-287) lies in the REST service authentication mechanism, allowing service invocation with a "valid username/no password" combination, specifically for batch job processing.
Versions of Hitachi Energy's Asset Suite prior to 9.6.3.13 and 9.6.4.1 are affected. Both CVSS v3.1 and v4 scores have been calculated, indicating the severity of the issue.
Mitigations
Hitachi Energy advises users to update to version 9.6.3.13 or 9.6.4.1 to mitigate the vulnerability. Additionally, CISA recommends defensive measures such as minimising network exposure, using secure remote access methods like VPNs, and following cybersecurity best practices outlined on cisa.gov/ics. No known public exploitation targeting this vulnerability has been reported as of now.
Schweitzer Engineering Laboratories SEL
Schweitzer Engineering Laboratories' SEL 700 series relays, specifically versions before certain updates, are found vulnerable to an inclusion of undocumented features flaw (CVE-2024-2103).
With a CVSS v4 score of 5.9, the vulnerability poses a threat as it could allow attackers with privileged access to make unauthorised modifications or trigger a denial-of-service situation remotely with low attack complexity.
Risk Evaluation
The exploitation of this vulnerability could enable attackers to manipulate the behaviour of the relays unpredictably or cause a denial-of-service condition, potentially disrupting critical energy infrastructure.
Technical Details
The vulnerability, categorised as CWE-1242, arises due to the inclusion of undocumented features accessible to users with privileged access. Various SEL 700 series relays are affected, and CVE-2024-2103 has been assigned to this flaw.
Both CVSS v3.1 and v4 scores have been calculated, indicating the severity of the issue.
Mitigations
Schweitzer Engineering Laboratories advises users to update affected relays to the latest versions listed.
Additionally, CISA recommends defensive measures such as minimising network exposure, employing firewalls to isolate control system networks, and using secure remote access methods like VPNs.
Organisations are encouraged to implement recommended cybersecurity strategies and follow proper impact analysis and risk assessment protocols.
