CISA Releases Three Industrial Control Systems Advisories

Understanding Three Critical Industrial Cybersecurity Advisories

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has released three advisories concerning significant vulnerabilities in widely used industrial devices: Millbeck Communications Proroute H685t-w, Siemens SIMATIC S7-200 SMART Devices, and Yokogawa Dual-redundant Platform for Computer (PC2CKM). The advisories highlight the critical nature of cybersecurity in operational technology (OT). In this post, we will dive into each advisory, explaining the vulnerabilities, risks, and mitigation strategies.

1. Millbeck Communications Proroute H685t-w Vulnerability

Overview
The Millbeck Communications Proroute H685t-w, a 4G router, has been found to contain vulnerabilities that can be exploited remotely. With a CVSS v3 score of 8.8, the issue is rated high severity and can be exploited with low attack complexity.

Vulnerabilities

  • Command Injection (CWE-77): Improper neutralization of special elements used in a command allows an attacker to inject and execute arbitrary commands on the operating system of the router. This could lead to full control of the device.

  • Cross-Site Scripting (XSS): Another issue with the router involves improper validation of user-supplied input, allowing attackers to inject malicious scripts.

Risks
Exploitation of these vulnerabilities could allow an attacker to gain control of the router and manipulate data flows, compromising the integrity and availability of critical communication networks.

Mitigation
Millbeck Communications has recommended updating the Proroute H685t-w to the latest version to patch the vulnerability. Additionally, users are advised to minimize the device’s exposure to the internet by configuring firewalls to block unauthorized access.

2. Siemens SIMATIC S7-200 SMART Devices Vulnerability

Overview
Siemens SIMATIC S7-200 SMART Devices, used in industrial automation, are vulnerable to Uncontrolled Resource Consumption (CWE-400), which can be exploited remotely. This vulnerability, CVSS v4 8.7, can lead to a denial-of-service (DoS) condition.

Vulnerability
The vulnerability occurs due to insufficient control over resource consumption, allowing an attacker to flood the system and cause it to crash or halt operations. This can have severe consequences in industrial environments where these devices control critical processes.

Risks
A successful attack could cause a DoS, rendering essential systems inoperable, which could lead to costly downtime and potential safety hazards in environments that rely on these devices for automation.

Mitigation
Siemens has provided software updates to mitigate the vulnerability and advises users to apply these updates immediately. In addition, Siemens recommends restricting network access to the devices and employing firewalls to prevent unauthorized traffic from reaching them.

3. Yokogawa Dual-redundant Platform for Computer (PC2CKM) Vulnerability

Overview
The Yokogawa Dual-redundant Platform for Computer (PC2CKM) has been identified as vulnerable to an Unchecked Return Value (CWE-252) issue. With a CVSS v3 score of 7.5, this vulnerability can be exploited remotely.

Vulnerability
The unchecked return value vulnerability arises when the system does not properly handle large amounts of UDP broadcast packets. This could occasionally result in a system restart, potentially disrupting operations in environments that rely on the dual-redundant platform for failover protection.

Risks
If successfully exploited, this vulnerability could cause a system restart, leading to operational downtime. In critical industrial systems, such disruptions can have significant impacts on production, safety, and costs.

Mitigation
Yokogawa recommends updating the platform to the latest version and advises users to limit exposure to broadcast traffic on operational networks. Implementing network segmentation and monitoring can also reduce the risk of an exploit.
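
The monitoring advice above can be made concrete as a per-source rate check on UDP broadcast traffic. The following is an added example, not code from CISA, Yokogawa, or this post's sources; the record format, the 1-second window, the 100-packet threshold, and the sample addresses are all assumptions, and the sample records are constructed.

```python
from collections import deque
from ipaddress import ip_address, ip_network

LIMITED_BROADCAST = ip_address("255.255.255.255")

def is_broadcast(dst, net):
    """True for the limited broadcast address or the subnet's directed broadcast."""
    addr = ip_address(dst)
    return addr == LIMITED_BROADCAST or addr == net.broadcast_address

def find_broadcast_bursts(records, subnet, window=1.0, threshold=100):
    """Return (window_start, src, count) once per burst in which one source
    sends more than `threshold` UDP broadcast packets within `window` seconds.
    Both limits are assumed values; baseline them on the real network."""
    net = ip_network(subnet)
    recent = {}        # src -> timestamps of its broadcasts inside the window
    alerting = set()   # sources already reported for the current burst
    alerts = []
    for ts, src, dst, proto in sorted(records):
        if proto != "udp" or not is_broadcast(dst, net):
            continue
        q = recent.setdefault(src, deque())
        q.append(ts)
        while ts - q[0] > window:      # drop packets that left the window
            q.popleft()
        if len(q) > threshold:
            if src not in alerting:
                alerting.add(src)
                alerts.append((q[0], src, len(q)))
        else:
            alerting.discard(src)      # burst over; allow a future alert
    return alerts

def sample_records():
    """Constructed flow records: (timestamp_s, src, dst, protocol)."""
    recs = [(float(t), "10.0.0.5", "10.0.0.255", "udp") for t in range(10)]  # routine discovery
    recs += [(5.0 + i * 0.002, "10.0.0.9", "255.255.255.255", "udp")
             for i in range(500)]                                            # broadcast burst
    recs += [(2.0 + i * 0.001, "10.0.0.7", "10.0.0.20", "udp")
             for i in range(1000)]                                           # busy unicast flow
    return recs

if __name__ == "__main__":
    for start, src, count in find_broadcast_bursts(sample_records(), "10.0.0.0/24"):
        print(f"UDP broadcast burst from {src}: {count} packets in window starting at t={start}s")
```

Only the bursting source is reported: the routine one-per-second broadcaster and the high-volume unicast flow stay below the alert condition.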