Latest Security Updates and Vulnerabilities
Addressing Critical Vulnerabilities in AutomationDirect PLCs and Cisco Software, and the Rise of ORB Proxy Use by State Hackers
AutomationDirect Productivity PLC Vulnerabilities
AutomationDirect's Productivity PLCs have been identified with several critical vulnerabilities that could lead to severe security breaches. The vulnerabilities discovered include buffer access with incorrect length value, out-of-bounds write, stack-based buffer overflow, improper access control, active debug code, and insufficient verification of data authenticity. These issues affect multiple versions of the Productivity series, including the P3-550E, P3-550, P3-530, P2-550, P1-550, and P1-540 CPUs.
Key Vulnerabilities
Buffer Access with Incorrect Length Value (CWE-805)
Affected Product: Productivity 3000 P3-550E CPU FW 1.2.10.9
Description: A stack-based buffer overflow exists in the Programming Software Connection FileSelect functionality. A specially crafted network packet sent without authentication can trigger this vulnerability, leading to remote code execution.
CVE ID: CVE-2024-24962
CVSS v3.1 Base Score: 9.8
CVSS v4 Base Score: 9.3
Null-byte Write Vulnerability
Affected Product: Productivity 3000 P3-550E CPU FW 1.2.10.9
Description: A vulnerability in the FileSystem API allows specially crafted network packets to cause heap-based memory corruption, potentially leading to denial of service or limited code execution.
CVE ID: CVE-2024-24956
CVSS v3.1 Base Score: 8.2
CVSS v4 Base Score: 8.2
Mitigation Measures
To mitigate these vulnerabilities, AutomationDirect has released firmware updates. Users are strongly encouraged to update their systems to the latest firmware versions to protect against potential exploits. Detailed information and update procedures are available on the AutomationDirect website.
Cisco ASA, FMC, and FTD Software Security Advisory
Cisco has released a comprehensive security advisory addressing multiple vulnerabilities in ASA, FMC, and FTD software. These vulnerabilities have been bundled in the May 2024 publication, addressing critical issues across various Cisco products.
Key Vulnerabilities
SQL Injection Vulnerability in FMC
Description: A SQL injection vulnerability in the Firepower Management Center software allows an authenticated attacker to execute arbitrary SQL commands.
CVE ID: CVE-2024-20360
CVSS Base Score: 8.8 (High)
ACL Bypass in ASA and FTD
Description: An ACL bypass vulnerability in Cisco ASA and FTD software allows an attacker to bypass security policies.
CVE ID: CVE-2024-20293
CVSS Base Score: 5.8 (Medium)
Object Group Access Control List Bypass
Description: This vulnerability in the Firepower Management Center software could allow an attacker to bypass configured security policies.
CVE ID: CVE-2024-20361
CVSS Base Score: 5.8 (Medium)
Authorization Bypass in ASA and FTD
Description: An authorization bypass vulnerability could allow an attacker to bypass certain authorization mechanisms.
CVE ID: CVE-2024-20355
CVSS Base Score: 5 (Medium)
Mitigation Measures
Cisco has released software updates to address these vulnerabilities. Users should upgrade to the fixed software releases as soon as possible. Detailed advisory and update instructions are available on the Cisco Security Center website.
State Hackers Exploiting ORB Proxy Networks
State-sponsored hackers are increasingly leveraging ORB (Onion Routing and Bridging) proxy networks to evade detection. These networks allow attackers to mask their activities and maintain anonymity while conducting cyber operations.
Key Insights
Usage of ORB Networks
Description: Hackers use ORB networks to route their malicious traffic through multiple nodes, complicating efforts to trace the origin of attacks. This technique effectively anonymizes their activities, making it difficult for cybersecurity teams to track and mitigate threats.
Evading Detection
Techniques: By using ORB networks, attackers can bypass traditional security measures and avoid IP-based blocking. These networks also help obfuscate the traffic patterns that are typically used to identify malicious activity.
Mitigation Measures
To combat these sophisticated tactics, cybersecurity experts recommend implementing advanced threat detection systems capable of analyzing traffic patterns beyond simple IP tracking. Regular updates to intrusion detection systems and maintaining robust threat intelligence capabilities are crucial in identifying and mitigating these threats.
These updates highlight the importance of staying informed and proactive in addressing security vulnerabilities and evolving threats. Regular software updates, robust security policies, and advanced threat detection mechanisms are essential in safeguarding against potential exploits and attacks.