The Cybersecurity and Infrastructure Security Agency (CISA) recently issued two important Industrial Control Systems (ICS) advisories, drawing attention to vulnerabilities that could have significant impacts on critical infrastructure. These advisories, known as ICSA-25-091-01 and ICSA-24-331-04, aim to educate organizations about existing security threats, vulnerabilities, and necessary actions to protect ICS products and systems.
The first advisory, ICSA-25-091-01, focuses on a critical vulnerability found in Rockwell Automation’s Lifecycle Services integrated with Veeam Backup and Replication. This vulnerability involves the deserialization of untrusted data, a common method used by attackers to execute malicious code remotely. With a CVSS v4 score of 9.4, this flaw is deemed high risk as it can be exploited remotely with low attack complexity. Affected products include the Industrial Data Center (IDC) with Veeam (Generations 1-5) and VersaVirtual Appliance (VVA) with Veeam (Series A-C). If exploited, this vulnerability could allow attackers with administrative privileges to execute arbitrary code on affected systems, potentially leading to a complete system compromise.
To address this risk, CISA recommends that organizations minimize network exposure for all control systems and ensure they are not directly accessible from the internet. Secure access methods like Virtual Private Networks (VPNs) should be used for remote access, and VPNs should be kept up to date to prevent vulnerabilities from being exploited. Rockwell Automation is collaborating with CISA to notify affected customers, particularly those with active Infrastructure Managed Service contracts, and provide guidance on patching and remediation efforts.
The second advisory, ICSA-24-331-04, tackles vulnerabilities in Hitachi Energy’s MicroSCADA Pro/X SYS600 system, a vital component of critical infrastructure in the manufacturing and energy sectors. This advisory outlines multiple flaws, including issues such as improper neutralization of special elements in data query logic, path traversal vulnerabilities, and session hijacking possibilities through authentication bypass. The most severe vulnerability, CVE-2024-4872, has received a CVSS v3 score of 9.9, indicating its critical nature. This flaw allows authenticated attackers to inject malicious code into the system, compromising the integrity of persistent data and enabling unauthorized access to sensitive functions. Other vulnerabilities, like improper limitations on file paths (CVE-2024-3980), could be exploited to manipulate essential system files, leading to further compromise.
Similar to the first advisory, CISA recommends immediate implementation of mitigations to reduce risks associated with these vulnerabilities. Hitachi Energy has issued patches for affected versions, including a critical update to Version 10.6 for MicroSCADA Pro/X SYS600. Users are advised to apply necessary workarounds and stay updated with security patches to prevent exploitation.
In conclusion, these ICS advisories from CISA underscore the importance of prioritizing cybersecurity in critical infrastructure to safeguard against potential threats and vulnerabilities. Organizations must take proactive measures to secure their systems and networks to ensure the integrity and resilience of essential services.