The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories highlighting critical industrial control system vulnerabilities. The advisories cover Rockwell Automation’s RSLogix 5 and RSLogix 500 software, IDEC PLCs, IDEC CORPORATION WindLDR and WindO/I-NV4, MegaSys Computer Technologies Telenium Online Web Application, Kastle Systems Access Control System, and Treck TCP/IP (Update I).
The first advisory concerns Rockwell Automation’s RSLogix 5 and RSLogix 500 software, which are vulnerable due to insufficient verification of data authenticity. The identified vulnerability, known as CVE-2024-7847, has a CVSS v4 score of 8.8, indicating high severity. This flaw allows for the embedding of malicious VBA scripts within project files, leading to potential remote code execution. All versions of RSLogix software are affected, necessitating immediate attention to prevent exploitation.
The second advisory focuses on vulnerabilities affecting IDEC PLCs, specifically the cleartext transmission of sensitive information and the generation of predictable identifiers. With a CVSS v3 score of 5.3, these vulnerabilities pose moderate risks, potentially enabling unauthorized access or communication disruptions. Products impacted include the FC6A and FC6B Series MICROSmart All-in-One and CPU modules, as well as the FT1A Series SmartAXIS Pro/Lite.
The third advisory addresses vulnerabilities in IDEC CORPORATION WindLDR and WindO/I-NV4 software, resulting from the cleartext storage of sensitive information. The identified vulnerability, CVE-2024-41716, has a CVSS v3 score of 5.9. Exploitable remotely, this flaw could allow attackers to obtain sensitive user authentication information. Versions affected include WindLDR version 9.1.0 and prior, as well as WindO/I-NV4 version 3.0.1 and prior.
The fourth advisory pertains to MegaSys Computer Technologies Telenium Online Web Application, which is affected by a critical vulnerability due to improper input validation. The vulnerability, known as CVE-2024-6404, has a CVSS v4 score of 9.3, indicating high severity. Exploitable remotely with low attack complexity, this flaw allows for the injection of arbitrary Perl code through HTTP requests, potentially leading to remote code execution.
The fifth advisory concerns the Kastle Systems Access Control System, vulnerable due to hard-coded credentials and cleartext storage of sensitive information. Identified as CVE-2024-45861 and CVE-2024-45862, these vulnerabilities have a CVSS v4 score of 9.2, indicating high severity. Firmware versions before May 1, 2024, are affected, posing risks of unauthorized access and data exposure.
The final advisory addresses the Ripple20 vulnerabilities discovered in the Treck TCP/IP stack, which affect various devices and industries. These vulnerabilities can lead to remote code execution, data breaches, and other severe impacts. Each vulnerability is tracked under its own Common Vulnerabilities and Exposures (CVE) identifier, and the set includes critical security flaws that require immediate attention.
To mitigate these vulnerabilities, organizations are advised to apply patches, implement network segmentation, and monitor network traffic for unusual activity. By addressing these vulnerabilities promptly, organizations can enhance their cybersecurity posture and protect against potential exploitation by threat actors.