Recent ICS Advisories from CISA
When managing your Industrial Control System environment, it is important to follow and reference both local and international sources of authority.
Anchoram Consulting’s Kaden Butt has prepared a short summary on the release of this Advisory from CISA, including the relevance for Australian operators of these technologies in sectors such as Utilities, Transportation and Mining.
On the 7th of November 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released critical advisories for three Industrial Control Systems (ICS) addressing vulnerabilities that could compromise availability across various critical infrastructure sectors where these solutions are utilised.
ICSA-24-312-01 Beckhoff Automation TwinCAT Package Manager
Summary:
The vulnerability lies in an Operating System (OS) command and could lead to malicious command execution on the solution. CISA has labelled the attack as low complexity, meaning less sophisticated actors could exploit it. The TwinCAT Human Machine Interface (HMI) can be found in critical manufacturing businesses worldwide. The main mitigation suggested by Beckhoff Automation is to update your software.
ICSA-24-312-02 Delta Electronics DIAScreen
Summary:
The vulnerability in DIAScreen is a Stack-based Buffer Overflow. CISA states that exploitation of this overflow can lead to crashing of the system. This vulnerability has also been labelled low complexity, the same as the Beckhoff vulnerability. Exploitation relies on a user being tricked into using a malicious file with the solution. CISA states the DIAScreen software is found worldwide in the energy sector. The main mitigation suggested by Delta Electronics is to update your software. A refresher of cybersecurity training is also suggested for system integrators leveraging this solution, as the initial foothold relies on social engineering by threat actors.
ICSA-24-312-03 Bosch Rexroth IndraDrive
Summary:
The vulnerability found in the IndraDrive appliance, when successfully exploited, can lead to a denial of service, compromising the availability of the servo drive system. Arbitrary messages can be sent to the solution, which would render the device unresponsive. CISA states that this servo drive can be found worldwide in the critical manufacturing industry. The pattern continues from the previous two advisories, as Bosch Rexroth recommends updating your software as soon as possible.
Takeaways:
The vulnerabilities across these three advisories may be command execution and denial of service through different means, but they can all lead to a degradation or total loss of availability on networks heavily reliant on them. The primary suggestion is updating your software, but this can also lead to a loss of availability, as commonly found in Operational Technology (OT) environments. A defense-in-depth approach should be taken into consideration when designing your operational networks, so that when vulnerabilities such as these occur, the robustness of the software isn’t the first line of defence. Practices such as VPNs, firewalls, network segmentation, awareness training and more are very important in supporting the defense-in-depth approach.
If you’re interested in managing vulnerabilities through vulnerability assessments, penetration testing and attack simulations, reach out to us for a quote today!