The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two new sets of vulnerabilities in industrial control systems (ICS) widely used in the healthcare and critical manufacturing sectors. Flaws of this kind are attractive to cybercriminals looking for exploitable weaknesses in these systems.
One advisory affects Baxter's Connex Health Portal, a product line formerly marketed under the Hillrom and Welch Allyn names, and the other impacts Mitsubishi Electric's MELSEC line of programmable controllers. Both vendors have released updates to address the vulnerabilities and have recommended specific mitigations that customers can implement to reduce the risk of exploitation.
The first vulnerability in Baxter's Connex Health Portal, tracked as CVE-2024-6795, is a SQL injection issue with a CVSS score of 10.0, the highest possible rating. It could allow an unauthenticated attacker to execute arbitrary SQL queries on affected systems, potentially exposing sensitive data and enabling further administrative actions, including shutting down the database. The second, CVE-2024-6796, is an improper access control flaw with a CVSS score of 8.2. It could enable attackers to access and manipulate patient and clinician information without requiring special privileges.
Baxter has released patches for both vulnerabilities, but CISA recommends that organizations take additional steps: minimize network exposure for affected systems, restrict access to control system devices, and use secure remote access methods such as VPNs where remote access is required. Although no exploitation of these vulnerabilities has been reported, the healthcare sector remains a lucrative target for cybercriminals because of the valuable data it holds and because disruptions to patient care create pressure to pay.
CISA's advisory on Mitsubishi Electric's MELSEC programmable controllers concerns vulnerabilities initially disclosed in 2020; the advisory has since been updated several times as denial of service and improper resource shutdown issues continued to be addressed. The latest update adds newly affected products and further mitigation strategies. The manufacturing sector faces particular challenges: over 75% of companies have unpatched high-severity vulnerabilities, and cyber attacks against these organizations have risen sharply. A recent report by Armis recorded a 165% rise in attacks on manufacturing companies in 2023, underscoring the need for robust cybersecurity measures in this critical sector.
In conclusion, these advisories underscore the importance of proactive cybersecurity measures for safeguarding critical infrastructure and sensitive data in the healthcare and manufacturing sectors. Organizations should apply the vendors' patches promptly, implement the recommended mitigations, and follow established best practices to reduce the risk that these vulnerabilities are exploited.

