Newly Discovered Vulnerabilities Highlight Risks in Industrial Control Systems

The Vulnerabilities

CISA has disclosed four sets of recently discovered vulnerabilities affecting various Industrial Control Systems (ICS). These include:

1. Rockwell Automation FactoryTalk ThinManager

• CVE-2024-10386: Missing authentication for critical functions
• CVE-2024-10387: Out-of-bounds read vulnerability

Exploitation of these vulnerabilities could allow attackers to send crafted messages to devices, potentially leading to database manipulation or denial-of-service (DoS) conditions.

2. Mitsubishi Electric FA Engineering Software Products

• CVE-2023-6943: Remote code execution vulnerability (CVSS score: 9.8)

This vulnerability allows attackers to execute malicious code by remotely calling a function with a path to a malicious library, potentially resulting in unauthorized access to product information or causing DoS conditions.

3. Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series

• CVE-2023-2060: Authentication bypass vulnerability (CVSS score: 8.7)

This flaw involves weak password requirements and allows remote, unauthenticated attackers to access modules via FTP through dictionary attacks or password sniffing.

4. Other Vulnerabilities

CISA has also identified several additional vulnerabilities with lower severity scores that could still pose risks to ICS environments.

CISA’s Recommendations

To reduce the risk of exploitation, both Rockwell Automation and Mitsubishi have provided specific mitigation strategies in coordination with CISA. Key recommendations include:

1. Minimizing network exposure for all control system devices and systems.
2. Ensuring that these systems are not directly accessible from the internet.
3. Positioning control system networks and remote devices behind firewalls and isolating them from business networks.
4. Utilizing secure methods such as Virtual Private Networks (VPNs) for remote access when necessary.

Defensive Measures

CISA further advises that users adopt comprehensive defensive measures to reduce the likelihood of exploitation:

1. Regularly update all software and firmware to the latest available versions.
2. Use strong passwords and enable multi-factor authentication whenever possible.
3. Implement robust firewalls and intrusion detection systems to monitor network traffic effectively.

Conclusion

By staying informed about these vulnerabilities and adhering to recommended best practices, organizations can better protect their ICS environments against potential cyber threats. Ensuring proactive measures such as regular updates, secure network configurations, and strong authentication protocols are essential to safeguarding critical industrial systems.