
Latest Security Updates and Vulnerabilities

Addressing Critical Vulnerabilities in AutomationDirect PLCs and Cisco Software, and the Rise of ORB Proxy Use by State Hackers

AutomationDirect Productivity PLC Vulnerabilities

AutomationDirect's Productivity PLCs have been identified with several critical vulnerabilities that could lead to severe security breaches. The vulnerabilities discovered include buffer access with incorrect length value, out-of-bounds write, stack-based buffer overflow, improper access control, active debug code, and insufficient verification of data authenticity. These issues affect multiple versions of the Productivity series, including the P3-550E, P3-550, P3-530, P2-550, P1-550, and P1-540 CPUs.

Key Vulnerabilities

  1. Buffer Access with Incorrect Length Value (CWE-805)

    • Affected Product: Productivity 3000 P3-550E CPU FW 1.2.10.9

    • Description: A stack-based buffer overflow exists in the Programming Software Connection FileSelect functionality. An unauthenticated packet can trigger this vulnerability, leading to remote code execution.

    • CVE ID: CVE-2024-24962

    • CVSS v3.1 Base Score: 9.8

    • CVSS v4 Base Score: 9.3

  2. Null-byte Write Vulnerability

    • Affected Product: Productivity 3000 P3-550E CPU FW 1.2.10.9

    • Description: A vulnerability in the FileSystem API allows specially crafted network packets to cause heap-based memory corruption, potentially leading to denial of service or limited code execution.

    • CVE ID: CVE-2024-24956

    • CVSS v3.1 Base Score: 8.2

    • CVSS v4 Base Score: 8.2

Mitigation Measures

To mitigate these vulnerabilities, AutomationDirect has released firmware updates. Users are strongly encouraged to update their systems to the latest firmware versions to protect against potential exploits. Detailed information and update procedures are available on the AutomationDirect website.

Cisco ASA, FMC, and FTD Software Security Advisory

Cisco has released a comprehensive security advisory addressing multiple vulnerabilities in ASA, FMC, and FTD software. These vulnerabilities have been bundled in the May 2024 publication, addressing critical issues across various Cisco products.

Key Vulnerabilities

  1. SQL Injection Vulnerability in FMC

    • Description: A SQL injection vulnerability in the Firepower Management Center software allows an authenticated attacker to execute arbitrary SQL commands.

    • CVE ID: CVE-2024-20360

    • CVSS Base Score: 8.8 (High)

  2. ACL Bypass in ASA and FTD

    • Description: An ACL bypass vulnerability in Cisco ASA and FTD software allows an attacker to bypass security policies.

    • CVE ID: CVE-2024-20293

    • CVSS Base Score: 5.8 (Medium)

  3. Object Group Access Control List Bypass

    • Description: This vulnerability in the Firepower Management Center software could allow an attacker to bypass configured security policies.

    • CVE ID: CVE-2024-20361

    • CVSS Base Score: 5.8 (Medium)

  4. Authorization Bypass in ASA and FTD

    • Description: An authorization bypass vulnerability could allow an attacker to bypass certain authorization mechanisms.

    • CVE ID: CVE-2024-20355

    • CVSS Base Score: 5.0 (Medium)

Mitigation Measures

Cisco has released software updates to address these vulnerabilities. Users should upgrade to the fixed software releases as soon as possible. Detailed advisory and update instructions are available on the Cisco Security Center website.

State Hackers Exploiting ORB Proxy Networks

State-sponsored hackers are increasingly leveraging ORB (Onion Routing and Bridging) proxy networks to evade detection. These networks allow attackers to mask their activities and maintain anonymity while conducting cyber operations.

Key Insights

  1. Usage of ORB Networks

    • Description: Hackers use ORB networks to route their malicious traffic through multiple nodes, complicating efforts to trace the origin of attacks. This technique effectively anonymizes their activities, making it difficult for cybersecurity teams to track and mitigate threats.

  2. Evading Detection

    • Techniques: By using ORB networks, attackers can bypass traditional security measures and avoid IP-based blocking. These networks also help in obfuscating the traffic patterns that are typically used to identify malicious activities.

Mitigation Measures

To combat these sophisticated tactics, cybersecurity experts recommend implementing advanced threat detection systems capable of analyzing traffic patterns beyond simple IP tracking. Regular updates to intrusion detection systems and maintaining robust threat intelligence capabilities are crucial in identifying and mitigating these threats.
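The advice above, analysing behaviour rather than blocking single addresses, can be illustrated with a small detection routine. This is an added example, not code from the original post: it runs over a constructed authentication log and compares a plain IP blocklist with a rule that flags an account whose logins arrive from many distinct source addresses inside a short window, the churn pattern that proxy-relayed traffic produces. The log format, the blocklist, the window and the threshold are all assumptions.

```python
# Added example (not from the original post): IP-churn detection versus a
# static IP blocklist. Log layout, thresholds and addresses are constructed.
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: "<ISO time> <user> <src_ip> <result>"
SAMPLE_LOG = """\
2024-05-23T10:00:01 alice 203.0.113.5 ok
2024-05-23T10:00:40 alice 198.51.100.77 ok
2024-05-23T10:01:15 alice 192.0.2.200 fail
2024-05-23T10:01:50 alice 198.51.100.9 ok
2024-05-23T10:02:30 alice 203.0.113.140 ok
2024-05-23T10:02:55 alice 192.0.2.17 ok
2024-05-23T10:03:10 alice 203.0.113.250 fail
2024-05-23T10:03:40 alice 198.51.100.201 ok
2024-05-23T10:05:00 bob 203.0.113.5 ok
2024-05-23T10:30:00 bob 203.0.113.5 ok
"""

BLOCKLIST = {"192.0.2.200"}  # hypothetical single-address block rule


def parse(log_text):
    """Turn each constructed log line into (timestamp, user, ip, result)."""
    events = []
    for line in log_text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user,
                       ipaddress.ip_address(ip), result))
    return events


def blocked_by_ip(events):
    """Classic IP blocking: only the one listed address is ever caught."""
    return [e for e in events if str(e[2]) in BLOCKLIST]


def flag_ip_churn(events, window=timedelta(minutes=10), max_ips=5):
    """Flag users whose logins come from more than max_ips distinct source
    addresses within any sliding window; returns {user: distinct_ip_count}."""
    by_user = defaultdict(list)
    for ts, user, ip, _ in events:
        by_user[user].append((ts, ip))
    flagged = {}
    for user, evs in by_user.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            ips = {ip for ts, ip in evs[i:] if ts - start <= window}
            if len(ips) > max_ips:
                flagged[user] = len(ips)
                break
    return flagged
```

On the sample log the blocklist matches a single event while the churn rule flags `alice`, whose eight logins in under four minutes each came from a different address; enriching addresses with ASN or prefix data before counting gives the same rule more signal against relays that rotate within one network.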

These updates highlight the importance of staying informed and proactive in addressing security vulnerabilities and evolving threats. Regular software updates, robust security policies, and advanced threat detection mechanisms are essential in safeguarding against potential exploits and attacks.