CISA Releases Three Industrial Control Systems Advisories
Understanding Three Critical Industrial Cybersecurity Advisories
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has released three advisories concerning significant vulnerabilities in widely used industrial devices: Millbeck Communications Proroute H685t-w, Siemens SIMATIC S7-200 SMART Devices, and Yokogawa Dual-redundant Platform for Computer (PC2CKM). The advisories highlight the critical nature of cybersecurity in operational technology (OT). This post walks through each advisory, explaining the vulnerabilities, risks, and mitigation strategies.
1. Millbeck Communications Proroute H685t-w Vulnerability
Overview
The Millbeck Communications Proroute H685t-w, a 4G router, contains vulnerabilities that an attacker can exploit remotely. Rated CVSS v3 8.8, the issue is of high severity and can be exploited with low attack complexity.
Vulnerabilities
Command Injection (CWE-77): Improper neutralization of special elements used in a command allows an attacker to inject and execute arbitrary commands on the operating system of the router. This could lead to full control of the device.
Cross-Site Scripting (XSS): Another issue with the router involves improper validation of user-supplied input, allowing attackers to inject malicious scripts.
Risks
Exploitation of these vulnerabilities could allow an attacker to gain control of the router and manipulate data flows, compromising the integrity and availability of critical communication networks.
Mitigation
Millbeck Communications has recommended updating the Proroute H685t-w to the latest version to patch the vulnerability. Additionally, users are advised to minimize the device’s exposure to the internet by configuring firewalls to block unauthorized access.
2. Siemens SIMATIC S7-200 SMART Devices Vulnerability
Overview
Siemens SIMATIC S7-200 SMART Devices, used in industrial automation, are vulnerable to Uncontrolled Resource Consumption (CWE-400), which can be exploited remotely. This vulnerability, CVSS v4 8.7, can lead to a denial-of-service (DoS) condition.
Vulnerability
The vulnerability occurs due to insufficient control over resource consumption, allowing an attacker to flood the system and cause it to crash or halt operations. This can have severe consequences in industrial environments where these devices control critical processes.
Risks
A successful attack could cause a DoS, rendering essential systems inoperable, which could lead to costly downtime and potential safety hazards in environments that rely on these devices for automation.
Mitigation
Siemens has provided software updates to mitigate the vulnerability and advises users to apply these updates immediately. In addition, Siemens recommends restricting network access to the devices and employing firewalls to prevent unauthorized traffic from reaching them.
3. Yokogawa Dual-redundant Platform for Computer (PC2CKM) Vulnerability
Overview
The Yokogawa Dual-redundant Platform for Computer (PC2CKM) has been identified as vulnerable to an Unchecked Return Value (CWE-252) issue. With a CVSS v3 score of 7.5, this vulnerability can be exploited remotely.
Vulnerability
The unchecked return value vulnerability arises when the system does not properly handle large numbers of UDP broadcast packets. This could occasionally result in a system restart, potentially disrupting operations in environments that rely on the dual-redundant platform for failover protection.
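The weakness class described above (CWE-252) on a datagram receive path, as an added example that is not Yokogawa's code. It assumes Linux, and that the unchecked call is a socket receive, which the advisory summary does not state. `drain_datagrams`, `handle_msg` and `demo` are hypothetical names, and an AF_UNIX datagram socketpair stands in for the UDP socket so the block runs offline.

```c
/* Added illustration of CWE-252 on a datagram receive path (not vendor code). */
#include <errno.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_MSG 64
size_t demo_bytes;                       /* payload bytes accepted by demo() */

/* Hypothetical message handler: reports how many bytes it consumed. */
static size_t handle_msg(const unsigned char *p, size_t len) { (void)p; return len; }

/* Unchecked form, the weakness itself:
 *     ssize_t n = recv(fd, buf, sizeof buf, 0);
 *     handle_msg(buf, (size_t)n);       // n == -1 turns into SIZE_MAX
 * Checked form: drain the queue and classify every return value.
 * Returns the number of datagrams handled, or -1 on a real socket error. */
int drain_datagrams(int fd, size_t *bytes)
{
    unsigned char buf[MAX_MSG];
    int handled = 0;
    *bytes = 0;
    for (;;) {
        /* MSG_TRUNC (Linux): report the datagram's real length even if cut. */
        ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT | MSG_TRUNC);
        if (n < 0) {
            if (errno == EINTR) continue;                 /* interrupted: retry */
            if (errno == EAGAIN || errno == EWOULDBLOCK)  /* queue drained */
                return handled;
            return -1;                                    /* report, do not parse */
        }
        if ((size_t)n > sizeof buf) continue;             /* truncated: drop it */
        *bytes += handle_msg(buf, (size_t)n);
        handled++;
    }
}

/* Constructed input: two small datagrams around one oversized datagram. */
int demo(void)
{
    unsigned char big[MAX_MSG * 2] = {0};
    int sv[2], r = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    if (send(sv[1], "abc", 3, 0) == 3 && send(sv[1], big, sizeof big, 0) > 0 &&
        send(sv[1], "de", 2, 0) == 2)
        r = drain_datagrams(sv[0], &demo_bytes);
    close(sv[0]); close(sv[1]);
    return r;
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

The oversized datagram is dropped rather than parsed from a truncated buffer, and a failed receive is returned to the caller instead of being used as a length.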
Risks
If successfully exploited, this vulnerability could cause a system restart, leading to operational downtime. In critical industrial systems, such disruptions can have significant impacts on production, safety, and costs.
Mitigation
Yokogawa recommends updating the platform to the latest version and advises users to limit exposure to broadcast traffic on operational networks. Implementing network segmentation and monitoring can also reduce the risk of an exploit.