The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has released four advisories outlining threats to Industrial Control Systems (ICS) from four different manufacturers. The advisories address vulnerabilities in Hitachi Energy, Trane, Rockwell Automation, and Mitsubishi Electric products.
The CISA advisory regarding Hitachi Energy highlights that the vulnerabilities affect the firmware version 03.0.02 and earlier of the AFF66x/665 equipment. Exploiting these vulnerabilities could potentially compromise the availability, integrity, and confidentiality of the targeted devices. Several specific vulnerabilities were identified, including a cross-site scripting vulnerability (CVE-2021-43523) that could lead to domain hijacking, and an origin validation error (CVE-2020-11868) that could be exploited to block unauthenticated synchronization using a spoofed IP address.
To mitigate these risks, Hitachi Energy recommends updating to the upcoming firmware release and ensuring that only trusted DNS servers and IP addresses are allowed. They also advise protecting process control systems from physical access by unknown individuals and keeping direct internet connections to these systems off. Additionally, Hitachi Energy suggests using firewall systems with minimally exposed ports and avoiding regular internet usage, such as instant messaging and receiving emails, on process control systems.
The advisory for Trane focuses on vulnerabilities in their thermostats, specifically the XL824 Thermostat, XL850, XL1050, and Pivot thermostats. One of the vulnerabilities identified is a command injection vulnerability (CVE-2023-4212) that requires physical access to the device through a USB. Another vulnerability (CVE-2023-2915) could allow threat actors to gain system privileges and delete arbitrary files. Trane Technologies recommends implementing proper physical security measures to prevent unauthorized access to the devices.
Rockwell Automation’s ThinManager ThinServer software is also vulnerable to an exploitation of an improper input validation flaw (CVE-2023-2914). This vulnerability could potentially allow cybercriminals to read access violations triggered by sending a crafted synchronization protocol message. Rockwell Automation advises users to implement the necessary security patches and updates provided by the company to mitigate this risk.
Mitsubishi Electric’s vulnerability (CVE-2023-1618) affects the Telnet function in their systems, which is left enabled by default. The vulnerability could allow unauthorized and remote logging into a compromised module, potentially causing an authentication bypass. Users are advised to disable the Telnet function or implement strong authentication measures to mitigate this risk.
These advisories from CISA highlight the importance of addressing vulnerabilities in Industrial Control Systems to protect critical infrastructure worldwide. Implementing the recommended mitigations and regularly updating firmware and software can help mitigate the risks associated with these vulnerabilities. It is crucial for organizations relying on these systems to stay informed about potential threats and take the necessary steps to safeguard their infrastructure.
Disclaimer: This article is based on internal and external research and is provided for reference purposes only. Users are responsible for their reliance on this information, and the Cyber Express assumes no liability for the accuracy or consequences of its use.