The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a stern warning to manufacturers, particularly those in the industrial control systems (ICS) sector, after discovering multiple critical vulnerabilities in popular systems from Rockwell Automation and Mitsubishi. The alert highlights the need for swift patching and mitigation efforts to prevent potential cyber-attacks that could compromise the integrity of these systems.
Vulnerabilities Discovered
CISA has identified four sets of recently discovered vulnerabilities affecting ICS systems, including:
Rockwell Automation FactoryTalk ThinManager
Two critical vulnerabilities (CVE-2024-10386 and CVE-2024-10387) have been found in the system. The first, missing authentication for critical functions, allows an attacker to send crafted messages to the device, potentially leading to database manipulation or denial-of-service conditions.
* **CVE-2024-10386**: Missing Authentication for Critical Functions
  + Allows an attacker to send crafted messages to the device, potentially leading to:
    - Database manipulation
    - Denial-of-service conditions
The second vulnerability is an out-of-bounds read, which could also result in database manipulation or a denial-of-service condition.
Mitsubishi Electric FA Engineering Software Products
A major vulnerability (CVE-2023-6943) with a CVSS score of 9.8 allows attackers to execute malicious code by remotely calling a function with a path to a malicious library, potentially leading to unauthorized access and manipulation of product information or denial-of-service conditions.
* **CVE-2023-6943**: Remote Code Execution Vulnerability (CVSS Score: 9.8)
  + Allows attackers to execute malicious code by remotely calling a function with a path to a malicious library.
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series
A vulnerability (CVE-2023-2060) with a CVSS score of 8.7 involves an authentication bypass in the FTP function on an EtherNet/IP module, due to weak password requirements. This allows remote, unauthenticated attackers to access the module via FTP using dictionary attacks or password sniffing.
* **CVE-2023-2060**: Authentication Bypass Vulnerability (CVSS Score: 8.7)
  + Allows remote, unauthenticated attackers to access the module via FTP using:
    - Dictionary attacks
    - Password sniffing
Additional Vulnerabilities
CISA has also identified other vulnerabilities with lower severity scores, which should be addressed as soon as possible.
Mitigation Recommendations
To minimize the risk of exploitation of these vulnerabilities, CISA recommends that users take the following defensive measures:
- Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- When remote access is required, use more secure methods such as virtual private networks (VPNs), and recognize that VPNs may have vulnerabilities and should be updated to the most current version available.
Recommendations for Affected Manufacturers
CISA has shared specific recommendations with Rockwell Automation and Mitsubishi to mitigate exploitation of these vulnerabilities. It is essential for manufacturers to take immediate action to patch these vulnerabilities and implement recommended mitigation measures.
By taking swift action, organizations can prevent potential cyber-attacks and protect their industrial control systems from unauthorized access and manipulation.
Quote from CISA
“CISA urges all affected manufacturers to immediately address these vulnerabilities through patches and other mitigations. We cannot stress enough the importance of prioritizing the security of ICS systems.” – US Cybersecurity and Infrastructure Security Agency